"Hackers Bombard Open-Source Repositories with Over 144,000 Malicious Packages"

Unknown threat actors have published more than 144,000 packages in the NuGet, PyPI, and npm ecosystems as part of a new campaign. According to Checkmarx and Illustria researchers, the packages were part of a new attack vector in which attackers spammed the open-source ecosystem with packages containing links to phishing campaigns. Of the 144,294 malicious packages detected, 136,258 were published on NuGet, 7,824 on PyPI, and 212 on npm. The offending libraries have since been unlisted or removed. Further investigation has shown that the entire process was automated: the packages were pushed quickly, and most of the publishing usernames adhered to a specific naming convention. The fake packages themselves claimed to offer hacks, cheats, and free resources to trick users into downloading them, and the package descriptions contained links that led to the malicious phishing pages. The massive campaign included over 65,000 unique URLs across 90 domains. According to the researchers, the threat actors behind this campaign likely wanted to improve the Search Engine Optimization (SEO) of their phishing sites by linking them from legitimate websites such as NuGet, which underscores the importance of being cautious when downloading packages and of only using trusted sources. These deceptive and well-designed pages promoted game hacks, "free money" for Cash App accounts, gift cards, and increased social media followers on platforms such as YouTube, TikTok, and Instagram. This article continues to discuss the targeting of the NuGet, PyPI, and npm ecosystems in a new campaign that has led to over 144,000 malicious packages being published.

THN reports "Hackers Bombard Open-Source Repositories with Over 144,000 Malicious Packages"
