
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
2023-02-22 11:17

In a continuing assault on the open source ecosystem, more than 15,000 spam packages have flooded the npm registry in an attempt to distribute phishing links.

"The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report.

The modus operandi involves poisoning the registry with rogue packages whose README.md files carry links to phishing campaigns, reminiscent of a similar campaign the software supply chain security firm exposed in December 2022.

The ultimate goal of the operation is to entice users into downloading the packages and clicking on the links to the phishing sites with bogus promises of increased followers on social media platforms.

The packages are said to have been uploaded to npm from multiple user accounts within hours between February 20 and 21, 2023, using a Python script that automates the whole process.

The same Python script is also engineered to post links to the newly published npm packages on WordPress websites operated by the threat actor that claim to offer Family Island cheats, giving the lure a second distribution channel beyond the registry itself.
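The report describes three signals a registry maintainer or a security team watching registry feeds can act on: clusters of near-identical auto-generated names, bursts of publishes from the same account in a short window, and READMEs whose external links sit next to follower-bait text. The following is an added example that turns those signals into a simple triage heuristic; it is not code from Checkmarx, The Hacker News or npm. The package record fields, the lure phrase list, the thresholds and the sample packages are all constructed for illustration.

```python
"""Heuristic triage for registry spam floods like the campaign described above.

Added example, not the campaign's tooling or any registry's own logic. The
record shape (name, publisher, publish time, README), the lure phrase list
and the thresholds are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Phrases typical of follower-bait lures; a constructed list, not the
# wording used by the real campaign.
LURE_TERMS = ("free followers", "followers generator", "cheats", "unlimited coins")
URL_RE = re.compile(r"https?://[^\s)>\]]+", re.IGNORECASE)


@dataclass
class PackageRecord:
    name: str
    publisher: str
    published: datetime
    readme: str


def lure_links(readme):
    """External links in a README whose text also carries a lure phrase."""
    text = readme.lower()
    if not any(term in text for term in LURE_TERMS):
        return []
    return URL_RE.findall(readme)


def name_stem(name):
    """Collapse auto-generated variants (digits, separators) to a common stem."""
    return re.sub(r"[\d_.\-]+", "", name.lower())


def flag_spam_clusters(records, window=timedelta(hours=24), min_cluster=3):
    """Group packages by name stem; flag stems with at least `min_cluster`
    lure-carrying members all published inside `window`. Returns {stem: [names]}."""
    by_stem = defaultdict(list)
    for rec in records:
        by_stem[name_stem(rec.name)].append(rec)
    flagged = {}
    for stem, members in by_stem.items():
        lured = [m for m in members if lure_links(m.readme)]
        if len(lured) < min_cluster:
            continue
        times = sorted(m.published for m in lured)
        if times[-1] - times[0] <= window:
            flagged[stem] = sorted(m.name for m in lured)
    return flagged


def publisher_burst(records, window=timedelta(hours=1), threshold=10):
    """Publishers that pushed at least `threshold` packages inside any sliding
    `window`. The campaign spread uploads over several accounts, so this is
    one signal among several rather than a verdict on its own."""
    by_pub = defaultdict(list)
    for rec in records:
        by_pub[rec.publisher].append(rec.published)
    bursty = set()
    for pub, times in by_pub.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursty.add(pub)
                break
    return sorted(bursty)


# Constructed sample records; names, accounts and URLs are placeholders.
BASE = datetime(2023, 2, 20, 22, 0)
SAMPLE = [
    PackageRecord("free-tiktok-followers-1", "acct-a", BASE,
                  "# Free Followers\nGet free followers now: https://example.invalid/tiktok"),
    PackageRecord("free-tiktok-followers-2", "acct-a", BASE + timedelta(minutes=5),
                  "Free followers generator https://example.invalid/tiktok2"),
    PackageRecord("free_tiktok_followers_3", "acct-b", BASE + timedelta(hours=3),
                  "Unlimited coins and free followers: https://example.invalid/x"),
    PackageRecord("string-pad-util", "maintainer", BASE - timedelta(days=400),
                  "Left-pads strings. Docs: https://example.invalid/docs"),
]

if __name__ == "__main__":
    print("clusters:", flag_spam_clusters(SAMPLE))
    print("bursty publishers:", publisher_burst(SAMPLE, threshold=2))
```

The stem heuristic is deliberately crude: it only collapses digit and separator suffixes, which is enough for the auto-generated naming the report describes but would miss names varied by synonyms. In production the thresholds should be tuned against the normal publish rate of the registry, and a flagged cluster should trigger review of the README link targets rather than automatic removal.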


News URL

https://thehackernews.com/2023/02/attackers-flood-npm-repository-with.html