"Over 1200 NPM Packages Found Involved in 'CuteBoi' Cryptomining Campaign"

A new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository has been revealed by researchers. The malicious activity, attributed to a software supply chain threat actor known as CuteBoi, consists of 1,283 rogue modules published in an automated fashion from over 1,000 different user accounts. According to Checkmarx, this was done using automation, which includes the ability to pass the NPM 2FA challenge. This cluster of packages appears to be a part of an attacker experimenting. All of the released packages are said to contain nearly identical source code from an already existing package called eazyminer, which is used to mine Monero by utilizing unused resources on web servers. One notable change is the URL to which the mined cryptocurrency should be sent, though installing the rogue modules has no negative consequences. The miner functionality in the code copied from eazyminer is intended to be triggered from within another program rather than as a standalone tool. This article continues to discuss findings and observations surrounding the CuteBoi cryptomining campaign. 

THN reports "Over 1200 NPM Packages Found Involved in 'CuteBoi' Cryptomining Campaign"