Security News > 2022 > March > Microsoft Azure developers targeted by 200-plus data-stealing npm packages
A group of more than 200 malicious npm packages targeting developers who use Microsoft Azure has been removed two days after they were made available to the public.
This group of packages grew from about 50 to at least 200 by March 21.
For npm - a command line tool for interacting with the npm Registry - scope serves to associate software packages with the name of an individual or organization.
This involves using high version numbers in the hope that internal npm private proxies - set up for fetching code from an internal registry - are configured to look for new versions of existing packages first from the public npm Registry before falling back to the local registry.
The attacker further tried to avoid detection by using an upload script that generated a unique username for each of the uploaded packages.
Adding a CAPTCHA mechanism on npm user creation would not allow attackers to easily create an arbitrary amount of users from which malicious packages could be uploaded, making attack identification easier," they suggest.
News URL
Related news
- Microsoft creates fake Azure tenants to pull phishers into honeypots (source)
- Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor (source)
- BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)