
Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages

December 15, 2022

The NuGet, PyPI, and npm ecosystems are the target of a new campaign in which unknown threat actors have published over 144,000 packages.

“The packages were part of a new attack vector, with attackers spamming the open-source ecosystem with packages containing links to phishing campaigns,” researchers from Checkmarx and Illustria said in a report published Wednesday.

Of the 144,294 phishing-related packages that were detected, 136,258 were published on NuGet, 7,824 on PyPI, and 212 on npm. The offending libraries have since been unlisted or taken down.

Read More on The Hacker News