Once again, cyberattackers are targeting JavaScript developers — this time in a “complex and persistent supply chain attack” that’s distributing Trojanized packages for the popular JavaScript library jQuery across GitHub, Node Package Manager (npm), and jsDelivr repositories.
Each package contains a copy of jQuery with one small difference: the end function, a part of the jQuery prototype, is modified to include additional malicious code designed to extract website form data and send it to one of many URLs.
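A defender can check a vendored or downloaded jQuery file for this specific tampering by extracting the body of `end` and comparing it with the upstream one-line body. The following is an added example, not code from the article or from the jQuery project. The known-good bodies, the function names and both sample sources are assumptions constructed for illustration, and a full check should also compare the file hash against an official release.

```javascript
// Upstream bodies of jQuery.fn.end with whitespace and trailing ';' removed.
// Assumption: 3.x calls this.constructor(), 1.x/2.x call this.constructor(null).
const KNOWN_GOOD_END = new Set([
  "returnthis.prevObject||this.constructor()",
  "returnthis.prevObject||this.constructor(null)",
]);

// Find `end: function() {` and return the text up to its matching brace.
// Limitation: braces inside strings or comments are not handled.
function extractEndBody(source) {
  const m = /\bend\s*:\s*function\s*\(\s*\)\s*\{/.exec(source);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1;
  let i = start;
  for (; i < source.length && depth > 0; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}") depth--;
  }
  return depth === 0 ? source.slice(start, i - 1) : null;
}

// Classify a jQuery source string: "ok", "modified" or "not-found".
function checkJquerySource(source) {
  const body = extractEndBody(source);
  if (body === null) return { status: "not-found", body: null };
  const normalized = body.replace(/\s+/g, "").replace(/;+$/, "");
  const status = KNOWN_GOOD_END.has(normalized) ? "ok" : "modified";
  return { status, body: body.trim() };
}

// Constructed sample: the relevant fragment of an unmodified build.
const CLEAN_SAMPLE = `
  end: function() {
    return this.prevObject || this.constructor();
  },
`;

// Constructed sample: a harmless stand-in call marks where extra code was added.
const TAMPERED_SAMPLE = `
  end: function() {
    injectedPlaceholder();
    return this.prevObject || this.constructor();
  },
`;
```

A "modified" result means the `end` body differs from upstream and the file needs manual review; "ok" covers only this one function, not the rest of the file.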