New Campaigns Use Malicious npm Packages to Support Phishing Kits

The open-source repository contains a number of malicious npm packages that have been used in supply chain attacks and phishing attempts. The assertions were made by researchers at ReversingLabs, who said in a blog post on Thursday that the packages provide a twofold threat because they harm application end users while also aiding email-based phishing attempts, which primarily target Microsoft 365 users.

More than a dozen malicious npm packages were found, according to software threat analyst Lucija Valenti, and they were posted between May 11 and June 13. These programmes mimicked genuine modules like jquery, which receives millions of downloads every week. Despite having been downloaded about 1000 times, the malicious packages were quickly deleted from npm after being found.

New Campaigns Use Malicious npm Packages to Support Phishing Kits

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

New Campaigns Use Malicious npm Packages to Support Phishing Kits

07-Jul-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address