Security News > 2023 > April > Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service attack.
"The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems' good reputation on search engines," Checkmarx's Jossef Harush Kadouri said in a report published last week.
While similar campaigns were recently observed propagating phishing links, the latest wave pushed the number of package versions to 1.42 million, a dramatic uptick from the approximate 800,000 packages released on npm.
The attack technique leverages the fact that open source repositories are ranked higher on search engine results to create rogue websites and upload empty npm modules with links to those sites in the README.md files.
"Since the open source ecosystems are highly reputed on search engines, any new open-source packages and their descriptions inherit this good reputation and become well-indexed on search engines, making them more visible to unsuspecting users," Harush Kadouri explained.
Given that the whole process is automated, the load created by publishing numerous packages led to NPM intermittently experiencing stability issues towards the end of March 2023.
News URL
https://thehackernews.com/2023/04/hackers-flood-npm-with-bogus-packages.html
Related news
- North Korean Lazarus hackers infect hundreds via npm packages (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- New npm attack poisons local packages with backdoors (source)
- Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- Russian hackers attack Western military mission using malicious drive (source)