Unpkg.com hacked?

I’ve checked on both my local machine and on a VPS I run, and the following URL is 302 redirecting to a malicious JS script which pops up a confirmation window and then redirects to ads:

SOURCE URL: https://unpkg.com/react@latest/dist/react.js

MALICIOUS REDIRECT: https://compliance-jessica.xyz/a.php

This is the URL recommended for in-browser development use by https://facebook.github.io/react/docs/installation.html

Can anyone else replicate this?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s