Rogue NPM modules became a transmitter of phishing links

March 10, 2023

Threat actors found an efficient way to abuse rogue NPM modules to distribute malicious packages containing phishing links. Researchers uncovered thousands of hostile spam packages flooding the NPM registry and targeting the open-source ecosystem.

The phishing links inside NPM packages were discovered by accident during separate research into another cybercriminal campaign. According to the reports, the researchers observed the threat actors publishing more than 15,000 npm modules from several user accounts within a few hours.

Moreover, the actors used a Python script that automated the creation of package names and project descriptions that were nearly identical. Some of the malicious modules carried clickbait names such as “Instagram-followers-free,” “free-xbox-codes,” and “free-TikTok-followers” to lure careless or unsuspecting users.

The actors used these packages as the delivery vehicle for their phishing campaigns.

The malicious packages carried links to the phishing campaigns inside their README[.]md files.
</gram_replace_placeholder>

The links bait targeted users by promising free resources, game cheats, and likes on social media platforms such as Instagram and TikTok. In other cases, the pages displayed fake interactive chats in which other “users” appeared to receive game cheats after clicking the links.

Additionally, some of the phishing websites have a built-in flow that pretends to process the visitor’s data and generate the promised gifts. Most of the time this process “fails,” and the site then prompts the victim to complete a survey that ultimately leads to a legitimate e-commerce website.

Furthermore, some of the fake websites redirect victims to e-commerce sites using referral IDs owned by the threat actors. When a victim completes an online purchase through such a link, the site credits the referral reward (a coupon or store credit) to the attacker-controlled account.

Threat groups have constantly created and adopted new strategies to cause damage to the supply chain landscape. Therefore, cybersecurity experts urge everyone to verify the authenticity of all source code obtained from third-party and open-source platforms.

Developers should also audit their code packages periodically and verify that the versions in use are the expected ones, which helps organisations mitigate attacks that originate from compromised packages.
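As a concrete form of the audit recommended above, the following Node.js script is an added example (not code from the article or from the researchers it cites). It applies the indicators the article describes to package metadata: clickbait-style names, READMEs that consist of little more than external links, links carrying referral parameters, and packages that ship no source files at all. The keyword lists, thresholds and the two sample packages are constructed for this example; the `.invalid` hostnames are placeholders.

```javascript
// Added example: heuristic audit of npm package metadata for the spam pattern
// described in the article. Keyword lists, thresholds and sample packages are
// constructed for illustration, not taken from the research.

// Tokens that frequently appear in clickbait package names (constructed list).
const CLICKBAIT_TERMS = ["free", "followers", "codes", "cheats", "likes", "generator", "hack"];
// Query-string keys commonly used for referral/affiliate tracking (constructed list).
const REFERRAL_PARAMS = ["ref", "referral", "aff", "affiliate", "invite"];
// A README with fewer non-link words than this, yet containing links, is
// treated as "mostly links" (constructed threshold).
const MIN_NON_LINK_WORDS = 20;

const URL_RE = /https?:\/\/[^\s)>\]"']+/g;

// Return every http(s) URL found in a block of text.
function extractUrls(text) {
  return text.match(URL_RE) || [];
}

// True if the URL carries a query parameter that looks like a referral ID.
function hasReferralParam(url) {
  try {
    const u = new URL(url);
    for (const key of u.searchParams.keys()) {
      if (REFERRAL_PARAMS.includes(key.toLowerCase())) return true;
    }
  } catch {
    return false; // unparsable URL: treat as no referral evidence
  }
  return false;
}

// Count how many clickbait terms appear in a package name.
function clickbaitScore(name) {
  const tokens = name.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean);
  return tokens.filter((t) => CLICKBAIT_TERMS.includes(t)).length;
}

// Audit one package ({ name, readme, files }) and return the reasons it was flagged.
function auditPackage(pkg) {
  const reasons = [];

  const score = clickbaitScore(pkg.name);
  if (score >= 2) reasons.push(`clickbait name (${score} terms)`);

  const urls = extractUrls(pkg.readme);
  const words = pkg.readme.split(/\s+/).filter(Boolean);
  const nonLinkWords = words.filter((w) => !/^https?:\/\//.test(w)).length;
  if (urls.length > 0 && nonLinkWords < MIN_NON_LINK_WORDS) {
    reasons.push("README is little more than links");
  }

  const referral = urls.filter(hasReferralParam);
  if (referral.length > 0) reasons.push(`referral link(s): ${referral.join(", ")}`);

  // A package containing only README/metadata files cannot provide any code.
  const codeFiles = pkg.files.filter((f) => !/^(README(\.md)?|package\.json|LICENSE)$/i.test(f));
  if (codeFiles.length === 0) reasons.push("no source files, only README/metadata");

  // Require two independent indicators before calling the package suspicious.
  return { name: pkg.name, suspicious: reasons.length >= 2, reasons };
}

// Constructed sample packages: one matching the spam pattern, one benign.
const SAMPLE_PACKAGES = [
  {
    name: "free-tiktok-followers-generator",
    readme: "Get FREE followers now!! https://example-gifts.invalid/claim?ref=a1b2c3 Click the link.",
    files: ["package.json", "README.md"],
  },
  {
    name: "left-pad-clone",
    readme:
      "Pads a string on the left with spaces until it reaches the requested length.\n\n" +
      "Usage:\n\n  const leftPad = require('left-pad-clone');\n" +
      "  leftPad('x', 3); // returns '  x'\n\n" +
      "Full documentation: https://example.invalid/docs",
    files: ["package.json", "README.md", "index.js", "test.js"],
  },
];

// Audit a list of packages and return only the suspicious ones.
function auditAll(pkgs) {
  return pkgs.map(auditPackage).filter((r) => r.suspicious);
}

console.log(JSON.stringify(auditAll(SAMPLE_PACKAGES), null, 2));
```

In a real audit the `SAMPLE_PACKAGES` array would be built by reading each `package.json` and README under `node_modules` (or from registry metadata before installation). The two-indicator rule keeps a single promotional link in an otherwise normal README from being flagged; tune the thresholds to the false-positive rate your repository tolerates.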
