Flood of malicious packages results in NPM registry DoS
2023-04-05 11:49

Attackers are exploiting the good reputation and "openness" of the popular public JavaScript software registry NPM to deliver malware and scams, while simultaneously and inadvertently launching DoS attacks against the service.

Malicious package on NPM pointing to a site serving malware.

"Typically, the number of package versions released on NPM is approximately 800,000. However, in the previous month, the figure exceeded 1.4 million due to the high volume of spam campaigns."

The process of creating the packages is automated, and the packages usually only contain a readme file.

Preventing NPM DoS

NPM's good reputation with search engines allows these malicious packages to come up high on the list of results when users search for specific terms - an added bonus.

Unfortunately for NPM's operators, these occasional floods of malicious packages can also overload NPM, meaning that users occasionally can't access it when they need it.


News URL

https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/