react-refresh-update
react-refresh-update is identified in the SafeDep analysis "Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines". >
discovered 2026-03-16
Threat types
credential_stealerdata_exfiltrationtyposquat
Malicious versions
- 1.0.0
- 1.0.1
- 1.0.2
- 1.0.3
- 1.0.4
- 2.0.5
Campaigns
Indicators
Techniques
- ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
- ttpT1036 Masquerading: package impersonation and typosquattinguses
- ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
- ttpT1041 Exfiltration Over C2 Channeluses
- ttpT1105 Ingress Tool Transferuses
- ttpT1071.001 Application Layer Protocol: Web Protocolsuses
