Security News > 2022 > December > Open-source repositories flooded by 144,000 phishing packages
Unknown threat actors have uploaded a massive 144,294 phishing-related packages on open-source package repositories, inluding NPM, PyPi, and NuGet.
The large-scale attack resulted from automation, as the packages were uploaded from accounts using a particular naming scheme, featured similar descriptions, and led to the same cluster of 90 domains that hosted over 65,000 phishing pages.
The phishing packages were uploaded in troves within a couple of days, which is commonly a sign of malicious activity.
The URL to the phishing sites was implanted in the package description, hoping that the links from repositories would increase the SEO of their phishing sites.
The security researchers who discovered this campaign informed NuGet of the infection, and all packages have since been delisted.
Considering the automated method employed by the threat actors to upload such a large number of packages in such a short time, they could re-introduce the threat using new accounts and different package names at any time.