And what about AliExpress and Telegram channels about cryptocurrency?
Information security company Checkmarx reports that attackers are distributing fake packages in the npm repository, and that the resulting load leads to a denial of service (DoS).
Cybercriminals publish empty packages with links to pre-created malicious sites. The attack relies on the fact that open source repositories are trusted by users and rank higher in search results. Hackers exploit this by creating fraudulent sites and uploading empty npm modules whose "README.md" files link to these sites.
Each package contains nothing but a "readme" file, which is displayed on the package page and contains a unique short link to the scam site with the context of the original npm package.
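A triage heuristic for the package shape described above, as an added example (not code from Checkmarx or npm): it flags a package only when it ships no code and its README pushes readers to a link. The shortener hosts, the words-per-link threshold and the sample packages are constructed assumptions.

```javascript
// Added example: triage for packages that ship only a README with a short link.
// The shortener hosts and the words-per-link threshold are constructed assumptions.
const SHORTENER_HOSTS = new Set(["short.example", "lnk.example"]);
const URL_RE = /https?:\/\/[^\s)\]>"']+/gi;
const META_FILE_RE = /^(package\.json|readme(\.\w+)?|license(\.\w+)?)$/i;

// Parse every http(s) URL in the README; skip strings that fail to parse.
function extractLinks(readme) {
  const links = [];
  for (const raw of readme.match(URL_RE) || []) {
    try { links.push(new URL(raw)); } catch { /* not a usable URL */ }
  }
  return links;
}

// True when the tarball holds nothing except manifest, README and licence.
function isReadmeOnly(files) {
  const names = files.map((f) => f.replace(/^package\//, ""));
  return names.length > 0 && names.every((n) => META_FILE_RE.test(n));
}

function triagePackage(pkg) {
  const readme = pkg.readme || "";
  const links = extractLinks(readme);
  const shortHosts = links.map((u) => u.hostname).filter((h) => SHORTENER_HOSTS.has(h));
  const words = readme.replace(URL_RE, " ").split(/\s+/).filter(Boolean).length;
  const reasons = [];
  if (isReadmeOnly(pkg.files)) reasons.push("no code files");
  if (shortHosts.length > 0) reasons.push("short link: " + shortHosts.join(", "));
  if (links.length > 0 && words / links.length < 40) reasons.push("link-heavy README");
  // An empty package alone is common (placeholders); require a link signal too.
  const suspicious = reasons.includes("no code files") && reasons.length >= 2;
  return { name: pkg.name, suspicious, reasons };
}

// Constructed sample packages (file lists as they appear inside an npm tarball).
const SAMPLES = [
  { name: "constructed-spam", files: ["package/package.json", "package/README.md"],
    readme: "# Free ebook\nDownload here: https://short.example/a1b2c3\n" },
  { name: "constructed-lib", files: ["package/package.json", "package/README.md", "package/index.js"],
    readme: "# lib\nDocs: https://docs.example.org/lib\n" + "Usage notes. ".repeat(30) },
  { name: "constructed-placeholder", files: ["package/package.json", "package/README.md"],
    readme: "# placeholder\nReserved name, nothing published yet.\n" },
];

for (const pkg of SAMPLES) {
  const r = triagePackage(pkg);
  console.log(r.name, r.suspicious ? "FLAG" : "ok", r.reasons.join("; "));
}
```

The placeholder sample stays unflagged because an empty package without any link signal is treated as benign name reservation.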
The load generated by automated scripts made NPM unstable due to sporadic "Service Unavailable" errors.
“Because open source ecosystems enjoy a high reputation in search engines, any new packages and their descriptions inherit this good reputation and are well indexed by search engines, making them more visible to unsuspecting users,” Checkmarx explained.
Given that the entire process is automated, the workload created by publishing numerous packages resulted in intermittent NPM stability issues by the end of March 2023.
Several hackers may be behind the campaign, Checkmarx says, and the ultimate goal of the attacks is to infect the victim's system with malware such as RedLine Stealer, Glupteba, Smoke Loader, and XMRig.
Other links take users through a series of intermediate pages that ultimately redirect to legitimate e-commerce sites, including AliExpress referral links that profit the scammers when the victim makes a purchase on the platform. The third "category" of links invites Russian users to join a Telegram channel specializing in cryptocurrencies.
The scale of the campaign was not specified, but experts noted that the consequences of the attacks are significant, as npm itself became unstable under the load. To prevent such automated campaigns, Checkmarx has recommended that npm use anti-bot methods during user account creation.