"Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links"

About 15,000 spam packages have flooded the NPM repository in an effort to distribute phishing links, as part of an ongoing attack on the open-source ecosystem. Checkmarx researcher Yehuda Gelb stated in a recent report that the packages were created using automated methods, with project descriptions and auto-generated names that closely resembled one another. The attackers referred customers to retail websites using referral IDs, benefiting from referral bonuses. The method of operation involves poisoning the registry with rogue packages whose README.md files contain links to phishing campaigns, reminiscent of a similar campaign uncovered by the software supply chain security firm in December 2022. Several of the fake modules were labeled "free-tiktok-followers," "free-xbox-codes," and "instagram-followers-free." This article continues to discuss the flooding of the NPM repository with over 15,000 spam packages.
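As an added example (not code from the article or from Checkmarx), the triage heuristic below runs over constructed package records that mimic the traits described above: template-style names, near-identical descriptions, and README links carrying referral parameters. The parameter names, regexes and similarity threshold are assumptions chosen for illustration, not the researchers' method.

```python
import re
from difflib import SequenceMatcher

# Constructed sample records modelled on the naming pattern in the report
# (hypothetical data, not the real packages); example-shop.test is a placeholder.
SAMPLE_PACKAGES = [
    {"name": "free-tiktok-followers", "description": "Get free tiktok followers now",
     "readme": "# Free followers\nClaim here: https://example-shop.test/deal?ref=AB12345"},
    {"name": "free-xbox-codes", "description": "Get free xbox codes now",
     "readme": "# Free codes\nClaim here: https://example-shop.test/deal?ref=AB12345"},
    {"name": "instagram-followers-free", "description": "Get free instagram followers now",
     "readme": "Visit https://example-shop.test/deal?referral=XY9"},
    {"name": "left-pad-utils", "description": "Pads strings on the left",
     "readme": "# left-pad-utils\nSee https://github.test/org/left-pad-utils for docs"},
]

# Assumed referral-style query keys and name fragments used as heuristics.
REFERRAL_PARAMS = {"ref", "referral", "refid", "aff", "affiliate"}
SPAM_NAME_RE = re.compile(r"(^|-)free($|-)|followers|codes|giveaway", re.I)
URL_RE = re.compile(r"https?://[^\s)>\]]+")

def referral_links(readme):
    """Return README URLs whose query string carries a referral-style parameter."""
    hits = []
    for url in URL_RE.findall(readme):
        query = url.split("?", 1)[1] if "?" in url else ""
        params = {p.split("=", 1)[0].lower() for p in query.split("&") if p}
        if params & REFERRAL_PARAMS:
            hits.append(url)
    return hits

def triage(packages, sim_threshold=0.8):
    """Flag packages showing at least two of the three spam traits; returns {name: reasons}."""
    flagged = {}
    for pkg in packages:
        reasons = []
        if SPAM_NAME_RE.search(pkg["name"]):
            reasons.append("spam-like name")
        if referral_links(pkg["readme"]):
            reasons.append("referral link in README")
        # Auto-generated descriptions tend to be near-duplicates of each other.
        best = max((SequenceMatcher(None, pkg["description"], o["description"]).ratio()
                    for o in packages if o is not pkg), default=0.0)
        if best >= sim_threshold:
            reasons.append("near-duplicate description")
        if len(reasons) >= 2:
            flagged[pkg["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_PACKAGES).items():
        print(name, "->", ", ".join(reasons))
```

Requiring two independent traits keeps a single legitimate "free" package or a lone affiliate link from being flagged on its own.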

THN reports "Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links"
