
Socket Threat Research deconstructs fezbox QR-steganography and cookie-stealing payload

Technical Analysis
H score 36
1 unique source, 1 article

Summary


Socket Threat Research deconstructed the malicious fezbox package and uncovered QR-code steganography plus layered obfuscation that hid cookie-stealing code. The findings are useful to defenders analyzing similar supply-chain payloads.

Related Happenings

Fezbox QR-code cookie-stealing malware activity

Malware Activity
First: 23.09.2025 13:42 · Last: 23.09.2025 13:42 · Sources: 1

How related: Researchers from Socket Threat Research discovered the malicious package, called "fezbox," on the npm website earlier this week and petitioned for its removal as well as the suspension of the user who posted it, according to a blog post published this week.

About this happening: The **fezbox** **npm** package was found delivering **cookie-stealing malware** through a **QR code** hidden in a JPG, creating a supply-chain risk for **JavaScript and Node.js**...

Timeline

  1. 24.09.2025 11:55 2 articles · 8mo ago

    Socket Threat Research discovers fezbox QR-steganography malware

    Technical Analysis Update

    Socket Threat Research discovered the poisoned npm package fezbox on the npm registry after it was posted by a Chinese-speaking attacker using the alias janedu. The package hid credential-stealing malware inside steganographic QR codes, used reversed strings and other obfuscation layers, and could read a web cookie to extract a username and password for exfiltration via HTTPS POST.
