About two dozen malicious NPM packages have been stealing data from forms embedded in mobile…
This attack reminds of another campaign uncovered in December 2022 targeting the NuGet, PyPi and npm ecosystems. Now, just like last year, attackers include their links in README.md files.
Fake packages are disguised as various cheats and free resources. For example, some promise free social media followers or Xbox codes: free-tiktok-followers and free-xbox-codes. The main task of attackers is to encourage users to download these packages and follow links to phishing or referral sites.
Typically, these sites encourage victims to complete surveys or redirect them to legitimate e-commerce sites such as AliExpress.
According to Checkmarx, a new wave of such packages was uploaded to npm between February 20 and 21, 2023, on behalf of several accounts. At the same time, the attackers used a Python script that automated the entire process.
In addition, the script was designed to add links to published npm packages to WordPress sites controlled by attackers. These sites allegedly offer cheats for Family Island.
In general, the use of automation allowed the attackers to publish a large number of packages in a short period of time, not to mention the creation of multiple accounts to cover up the scope of the attack.
News-bhexusa.xyz is a domain that tries to trick you into clik to its browser notifications…
News-bhupotu.xyz is a domain that tries to trick you into subscribing to its browser notifications…
News-bhocime.info is a site that tries to trick you into subscribing to its browser notifications…
You-hub.online is a site that tries to force you into clik to its browser notifications…
News-bhecudu.live is a domain that tries to force you into clik to its browser notifications…
News-bhiciwe.today is a site that tries to force you into clik to its browser notifications…