"Flood of Malicious Packages Results in NPM Registry DoS"

Attackers are abusing the reputation and openness of NPM, the popular public JavaScript package registry, to spread malware and run scams, and the volume of their activity is at the same time causing denial-of-service (DoS) conditions on the service. According to Jossef Harush Kadouri, head of software supply chain security at Checkmarx, the load generated by automated publishing scripts rendered NPM unstable, with the registry returning "Service Unavailable" errors. Kadouri's documentation highlights that attackers abuse NPM for Search Engine Optimization (SEO) poisoning in support of malware-delivery, spam, cryptocurrency scam, and phishing campaigns. This year, Checkmarx discovered a flash attack in which multiple user accounts published more than 15,000 phishing packages in a matter of hours, and found that such attacks are common. Kadouri explains that attackers can publish an unlimited number of packages on NPM as long as each package name is not already taken. The number of package versions published on NPM in a typical month is about 800,000; the previous month's total exceeded 1,400,000 because of the volume of spam campaigns. This article continues to discuss the ways in which attackers misuse NPM as well as the resulting NPM DoS attacks.

Help Net Security reports "Flood of Malicious Packages Results in NPM Registry DoS"

Submitted by Anonymous on