Npm Repository Flooded with over 15,000 Referral Packages

Checkmarx analysts noticed that the npm repository had been flooded with over 15,000 packages containing junk links. The attackers seeded the packages with referral links to various trading sites in order to profit from those sites' referral programs.

Let me remind you that we also wrote that Compromised npm Packages Use Cryptocurrency Exchanges, and also that Hackers Stole the Credentials of 100,000 npm Users.

“These packages are created using automation, with project descriptions and automatically generated names that are very similar to each other,” the experts say.

This attack is reminiscent of another campaign uncovered in December 2022 that targeted the NuGet, PyPI and npm ecosystems. Now, just as last year, the attackers embed their links in the packages' files.

npm referral packages

The fake packages are disguised as various cheats and free resources. For example, some promise free social media followers or Xbox codes, under names such as free-tiktok-followers and free-xbox-codes. The attackers' main goal is to get users to download these packages and follow the embedded links to phishing or referral sites.

“The dummy web pages are well designed and, in some cases, even have fake interactive chats that ostensibly demonstrate that users are actually getting the game cheats or the followers they were promised,” the experts say.

Typically, these sites encourage victims to complete surveys or redirect them to legitimate e-commerce sites such as AliExpress.

According to Checkmarx, a new wave of such packages was uploaded to npm between February 20 and 21, 2023, from several accounts. The attackers used a Python script that automated the entire publishing process.

In addition, the script was designed to add links to the published npm packages on WordPress sites controlled by the attackers. These sites allegedly offer cheats for Family Island.

Overall, automation allowed the attackers to publish a large number of packages in a short period of time, and to create multiple accounts to obscure the true scope of the campaign.
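The traits described above (near-identical descriptions, a burst of publishing within a day or two, several publishing accounts, and READMEs that exist mainly to push an outbound link) are exactly what a registry-side or mirror-side detector can key on. The following is an added example, not code from Checkmarx or from the campaign: it clusters package metadata by description similarity and flags clusters that match the campaign's shape. All package names, account names, timestamps and URLs in SAMPLE_PACKAGES are constructed for the demo; the similarity threshold and time window are assumed tuning values, not figures from the report.

```javascript
// Added example (not from the Checkmarx write-up): flag clusters of npm packages
// whose descriptions are near-duplicates, were published within a short window,
// and whose READMEs mainly push readers to an external link.
// Every record below is constructed for the demo; hosts use the reserved .invalid TLD.
const SAMPLE_PACKAGES = [
  { name: "free-tiktok-followers", author: "acct-1", publishedAt: "2023-02-20T10:00:00Z",
    description: "Get free TikTok followers instantly - click the link to claim",
    readme: "# free-tiktok-followers\nClaim here: https://example-referral.invalid/tiktok?ref=a1" },
  { name: "free-xbox-codes", author: "acct-2", publishedAt: "2023-02-20T10:05:00Z",
    description: "Get free Xbox codes instantly - click the link to claim",
    readme: "# free-xbox-codes\nClaim here: https://example-referral.invalid/xbox?ref=a1" },
  { name: "free-robux-generator", author: "acct-1", publishedAt: "2023-02-21T08:00:00Z",
    description: "Get free Robux instantly - click the link to claim",
    readme: "# free-robux-generator\nClaim here: https://example-referral.invalid/robux?ref=a1" },
  { name: "family-island-cheats", author: "acct-3", publishedAt: "2023-02-21T09:30:00Z",
    description: "Get free Family Island cheats instantly - click the link to claim",
    readme: "# family-island-cheats\nClaim here: https://example-referral.invalid/fi?ref=a1" },
  // Two benign-looking records so the detector has something to leave alone.
  { name: "left-pad-clone", author: "acct-9", publishedAt: "2023-02-20T12:00:00Z",
    description: "String left pad",
    readme: "# left-pad-clone\nUsage: leftPad('a', 3)" },
  { name: "express-logger-mini", author: "acct-8", publishedAt: "2023-01-10T09:00:00Z",
    description: "Minimal request logger middleware for Express",
    readme: "# express-logger-mini\nSee https://example-forge.invalid/express-logger-mini" },
];

// Lower-cased alphanumeric tokens of a description, as a set.
function tokens(text) {
  return new Set(text.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean));
}

// Jaccard similarity of two token sets (0 = disjoint, 1 = identical).
function jaccard(a, b) {
  let inter = 0;
  for (const t of a) if (b.has(t)) inter++;
  const union = a.size + b.size - inter;
  return union === 0 ? 0 : inter / union;
}

// Crude URL extraction from README text; good enough for link-only READMEs.
function extractLinks(readme) {
  return readme.match(/https?:\/\/[^\s)]+/g) || [];
}

function safeUrl(link) {
  try { return new URL(link); } catch { return null; }
}

// Single-linkage clustering (union-find) over pairwise description similarity.
function clusterBySimilarity(packages, threshold) {
  const toks = packages.map((p) => tokens(p.description));
  const parent = packages.map((_, i) => i);
  const find = (i) => (parent[i] === i ? i : (parent[i] = find(parent[i])));
  for (let i = 0; i < packages.length; i++)
    for (let j = i + 1; j < packages.length; j++)
      if (jaccard(toks[i], toks[j]) >= threshold) parent[find(i)] = find(j);
  const groups = new Map();
  packages.forEach((p, i) => {
    const root = find(i);
    if (!groups.has(root)) groups.set(root, []);
    groups.get(root).push(p);
  });
  return [...groups.values()];
}

// Flag clusters that look like a referral-spam burst. threshold, windowHours and
// minSize are assumed tuning values, not numbers taken from the report.
function findReferralSpamClusters(packages, { threshold = 0.6, windowHours = 48, minSize = 3 } = {}) {
  const flagged = [];
  for (const group of clusterBySimilarity(packages, threshold)) {
    if (group.length < minSize) continue;
    const times = group.map((p) => Date.parse(p.publishedAt));
    const spanHours = (Math.max(...times) - Math.min(...times)) / 3.6e6;
    if (spanHours > windowHours) continue;
    // Every member must push at least one outbound link, otherwise it is just a
    // family of similarly described but otherwise ordinary packages.
    const perPackageLinks = group.map((p) => extractLinks(p.readme));
    if (perPackageLinks.some((l) => l.length === 0)) continue;
    const urls = perPackageLinks.flat().map(safeUrl).filter(Boolean);
    flagged.push({
      packages: group.map((p) => p.name).sort(),
      accounts: new Set(group.map((p) => p.author)).size,
      spanHours: Number(spanHours.toFixed(1)),
      hosts: [...new Set(urls.map((u) => u.host))],
      // Links carrying a "ref" query parameter are the referral tell the article describes.
      referralLinks: urls.filter((u) => u.searchParams.has("ref")).length,
    });
  }
  return flagged;
}

console.log(JSON.stringify(findReferralSpamClusters(SAMPLE_PACKAGES), null, 2));
```

Run against the constructed sample, the four "free ..." packages collapse into one cluster (published by three accounts within 23.5 hours, all pointing at the same host with a `ref` parameter), while the two ordinary packages stay unflagged. On real registry data the same shape works as a triage feed for a security team; the thresholds need tuning against the volume of legitimately similar packages (e.g. generated type-definition or locale packages), which is why the check also insists that every member carries an outbound link.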

“This shows the sophistication and determination of these attackers, who are willing to invest significant resources to carry out their campaign,” the experts conclude.

Let me remind you that the media also wrote that Researchers discovered a “factory” of malicious npm packages.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
