Friendica Social Network

Kevin Beaumont

3 weeks ago • •

Kevin Beaumont
3 weeks ago • •

Lottiefiles Lottieplayer JavaScript library has been compromised forum.lottiefiles.com/t/the-pr…

Somebody also made the first change to the GitHub repo for months 10 minutes ago, reasons unclear.

You may want to proxy block *.web3modal.org

#threatintel

The problem of someone else's popup appearing

Hello, when I connect this link https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js via cdn ( when i add this link to my website), the following popup begins to appear on the site.

^{Let's talk Lottie}

#threatintel

This entry was edited (3 weeks ago)

in reply to Kevin Beaumont

Kevin Beaumont

in reply to Kevin Beaumont • 3 weeks ago • •

Lottie-Player saga playing out here: github.com/LottieFiles/lottie-…

3 new versions were published today but the threat actor infected them. Appears to be a stolen token.

#threatintel

Malicious code in Lottie-Player CDN files · Issue #254 · LottieFiles/lottie-player

after i use https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js or https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player@2.0.5/dist/lottie-player.min.js This popup opens on ...

^GitHub

#threatintel

This entry was edited (3 weeks ago)

in reply to Kevin Beaumont

Kevin Beaumont

in reply to Kevin Beaumont • 3 weeks ago • •

Latest: #threatintel

#threatintel

in reply to Kevin Beaumont

Kevin Beaumont

in reply to Kevin Beaumont • 3 weeks ago • •

Lottiefiles sent me a statement about their supply chain security incident. #threatintel

#threatintel

⇧