Security News > 2023 > February > NPM packages posing as speed testers install crypto miners instead
A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors.
The packages were uploaded onto NPM, an online repository containing over 2.2 million open-source JavaScript packages shared among software developers to speed up the coding process.
CheckPoint discovered these packages on January 17, 2023, all uploaded to NPM by a user named "Trendava." Following the company's report, NPM removed them the following day.
Most packages feature a name resembling an internet speed tester, but they are all cryptocurrency miners.
"As part of this effort, we've seen the attacker hosting the malicious files on GitLab. In some cases, the malicious packages were interacting directly with the crypto pools, and in some cases, they seem to leverage executables for that need."
Last week, researchers from Phylum disclosed that they found 451 malicious typosquatting packages on PyPi that installed password-stealing malware.