Replying to andrewtoth

One way is to whitelist all domains that the app can make network requests to. That way a malicious library won't be able to send the payload to itself unless it compromises your servers as well.

Leo Wandersleb 11mo ago

If the attacker is targeting your app specifically, he can use a whitelisted domain like Google Analytics.

https://www.kaspersky.com/blog/web-skimming-with-ga/35986/

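The limit raised in the reply above, seen from the defender's side, as an added example that is not part of the thread: a host-only allowlist cannot tell whose account on a shared analytics host receives the data, so the egress policy also pins the tenant identifier. The first-party host, the use of the `tid` query parameter as that identifier, and all IDs are constructed assumptions; the check is assumed to run where a bundled library cannot bypass it (for example an outbound proxy), and only the query string is inspected.

```javascript
// Constructed policy: hosts the app may contact.
const HOST_ALLOWLIST = new Set(["api.example-app.test", "www.google-analytics.com"]);

// Shared multi-tenant hosts: pin which account may receive data.
// Assumption: the tenant ID travels in the query string; a request body would need the same check.
const TENANT_PINS = new Map([
  ["www.google-analytics.com", { param: "tid", allowed: new Set(["UA-000000-1"]) }],
]);

function parse(rawUrl) {
  try { return new URL(rawUrl); } catch { return null; }
}

// The policy from the first note: scheme and host only.
function hostOnlyCheck(rawUrl) {
  const url = parse(rawUrl);
  return url !== null && url.protocol === "https:" && HOST_ALLOWLIST.has(url.hostname);
}

// Host allowlist plus tenant pinning for shared hosts.
function pinnedCheck(rawUrl) {
  const url = parse(rawUrl);
  if (url === null) return { allow: false, reason: "unparseable URL" };
  if (url.protocol !== "https:") return { allow: false, reason: "not https" };
  if (!HOST_ALLOWLIST.has(url.hostname)) return { allow: false, reason: "host not allowlisted" };
  const pin = TENANT_PINS.get(url.hostname);
  if (!pin) return { allow: true, reason: "first-party host" };
  const ids = url.searchParams.getAll(pin.param);
  if (ids.length !== 1) return { allow: false, reason: "missing or repeated tenant id" };
  if (!pin.allowed.has(ids[0])) return { allow: false, reason: "tenant id not ours" };
  return { allow: true, reason: "pinned tenant" };
}

// Requests a host-only policy lets through but tenant pinning rejects: worth alerting on.
function audit(urls) {
  return urls.filter((u) => hostOnlyCheck(u) && !pinnedCheck(u).allow);
}

// Constructed sample of outbound requests.
const SAMPLE = [
  "https://api.example-app.test/v1/sync",
  "https://www.google-analytics.com/collect?v=1&tid=UA-000000-1&t=pageview",
  "https://www.google-analytics.com/collect?v=1&tid=UA-999999-9&t=event",
  "https://collector.example.net/x",
];

console.log(audit(SAMPLE)); // only the request carrying the foreign tenant ID
```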