BTC $55865.7639
ETH $3222.4858
BNB $400.6682
SOL $110.6842
XRP $0.5548
ADA $0.6230
AVAX $39.2767
DOGE $0.0896
TRX $0.1404
wstETH $3751.1765
LINK $19.0474
DOT $8.0594
WETH $3236.9354
MATIC $1.0625
UNI $10.5983
WBTC $55965.3668
IMX $3.3901
ICP $13.0143
BCH $300.6764
LTC $74.8911
CAKE $3.2355
FIL $8.1517
ETC $28.1561
RNDR $7.4096
KAS $0.1718
DAI $0.9979
HBAR $0.1117
ATOM $11.3293
VET $0.0491
INJ $36.5642
TON $2.1072
OKB $51.3395
LDO $3.5443
FDUSD $1.0015
STX $3.0723
ARB $1.9162
NEAR $4.0168
XMR $131.7677
TIA $17.0755
XLM $0.1186
GRT $0.2823
ENS $22.2643
THETA $2.1117
MKR $2155.4331
WEMIX $2.1023
APEX $2.4575
BEAM $0.0357
BTC $55865.7639
ETH $3222.4858
BNB $400.6682
SOL $110.6842
XRP $0.5548
ADA $0.6230
AVAX $39.2767
DOGE $0.0896
TRX $0.1404
wstETH $3751.1765
LINK $19.0474
DOT $8.0594
WETH $3236.9354
MATIC $1.0625
UNI $10.5983
WBTC $55965.3668
IMX $3.3901
ICP $13.0143
BCH $300.6764
LTC $74.8911
CAKE $3.2355
FIL $8.1517
ETC $28.1561
RNDR $7.4096
KAS $0.1718
DAI $0.9979
HBAR $0.1117
ATOM $11.3293
VET $0.0491
INJ $36.5642
TON $2.1072
OKB $51.3395
LDO $3.5443
FDUSD $1.0015
STX $3.0723
ARB $1.9162
NEAR $4.0168
XMR $131.7677
TIA $17.0755
XLM $0.1186
GRT $0.2823
ENS $22.2643
THETA $2.1117
MKR $2155.4331
WEMIX $2.1023
APEX $2.4575
BEAM $0.0357
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The npm repositories flooded with malicious packages that lead to a DoS attack

    And what about Aliexpress and Telegram channels about cryptocurrency?

    Information security company Checkmarx reports that attackers are distributing fake packages in npm repositories that lead to a DoS attack.

    Cybercriminals publish empty packages with links to pre-created malicious sites. The attack is based on the fact that open source repositories have trust among users and rank higher in search results. Hackers use this to create fraudulent sites and download empty npm modules with links to these sites in "README.md" files.

    Each package contains nothing but a "readme" file, which is displayed on the package page and contains a unique short link to the scam site with the context of the original npm package.

    The load generated by automated scripts made NPM unstable due to sporadic "Service Unavailable" errors.

    “Because open source ecosystems enjoy a high reputation in search engines, any new packages and their descriptions inherit this good reputation and are well indexed by search engines, making them more visible to unsuspecting users,” Checkmarx explained.

    Given that the entire process is automated, the workload created by publishing numerous packages resulted in intermittent NPM stability issues by the end of March 2023.

    Several hackers may be behind the campaign, Checkmarx says, and the ultimate goal of the attacks is to infect the victim's system with malware such as RedLine Stealer, Glupteba, Smoke Loader, and XMRig.

    Other links take users through a series of intermediate pages that ultimately redirect to legitimate e-commerce sites, including AliExpress referral links that profit the scammers when the victim makes a purchase on the platform. The third "category" of links invites Russian users to join a Telegram channel specializing in cryptocurrencies.

    The scale of the campaign was not specified, but experts noted that the consequences of the attacks are significant, as the work of NPM became unstable due to the load. To prevent such automated campaigns, Checkmarx has recommended that npm use anti-bot methods during user account creation.

    Author DeepWeb
    Gopuram becomes the main weapon in the attack on cryptocurrency companies
    AlienFox massively steals data from cloud services

    Comments 0

    Add comment