Home Security Hackers Flood NPM with Bogus Packages Inflicting a DoS Assault

Hackers Flood NPM with Bogus Packages Inflicting a DoS Assault

by crpt os


Apr 10, 2023Ravie LakshmananSoftware Security / JavaScript

Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service (DoS) attack.

“The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems’ good reputation on search engines,” Checkmarx’s Jossef Harush Kadouri said in a report published last week.

“The attacks caused a denial-of-service (DoS) that made NPM unstable with sporadic ‘Service Unavailable’ errors.”

While similar campaigns were recently observed propagating phishing links, the latest wave pushed the number of package versions to 1.42 million, a dramatic uptick from the approximate 800,000 packages released on npm.

The attack technique leverages the fact that open source repositories are ranked higher on search engine results to create rogue websites and upload empty npm modules with links to those sites in the README.md files.

“Since the open source ecosystems are highly reputed on search engines, any new open-source packages and their descriptions inherit this good reputation and become well-indexed on search engines, making them more visible to unsuspecting users,” Harush Kadouri explained.

Given that the whole process is automated, the load created by publishing numerous packages led to NPM intermittently experiencing stability issues towards the end of March 2023.

Checkmarx points out that where there may be multiple actors behind the activity, the end goal is to infect the victim’s system with malware such as RedLine Stealer, Glupteba, SmokeLoader, and cryptocurrency miners.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter – Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don’t Miss Out – Save Your Seat!

Other links take users through a series of intermediate pages that ultimately lead to legitimate e-commerce sites like AliExpress with referral IDs, earning them a profit when the victim makes a purchase on the platform. A third category entails inviting Russian users to join a Telegram channel that specializes in cryptocurrency.

“The battle against threat actors poisoning our software supply chain ecosystem continues to be challenging, as attackers constantly adapt and surprise the industry with new and unexpected techniques,” Harush Kadouri said.

To prevent such automated campaigns, Checmarx has recommended npm to incorporate anti-bot techniques during user account creation.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex