Security News > 2022 > March > Microsoft Azure Developers Awash in PII-Stealing npm Packages
Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information in a large-scale typosquatting attack against Microsoft Azure cloud users.
That's according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and has steadily grown since then, from about 50 packages to more than 200.
Npm scopes are a way of grouping related packages together.
While JFrog reported the packages for removal from npm itself, developers could have pulled the malicious code into any number of applications that are still threatening Azure users.
Npm is the most oft-downloaded JavaScript package repository used by developers to build web applications, and as such, has been increasingly targeted by malicious actors to carry out software supply-chain attacks.
"Adding a CAPTCHA mechanism on npm user creation would not allow attackers to easily create an arbitrary amount of users from which malicious packages could be uploaded, making attack identification easier."
News URL
https://threatpost.com/microsoft-azure-developers-pii-stealing-npm-packages/179096/