BTC $68279.0927
ETH $3629.5433
BNB $418.8260
SOL $133.0943
XRP $0.6497
stETH $3620.7348
ADA $0.7707
DOGE $0.1827
AVAX $43.0376
DOT $9.8988
wstETH $4204.4051
TRX $0.1402
LINK $20.4333
WETH $3627.8562
MATIC $1.1461
WBTC $68015.7231
UNI $12.3628
BCH $469.5171
LTC $88.8112
IMX $3.1360
ICP $13.3800
CAKE $3.3523
ETC $35.9657
FIL $10.0244
LEO $4.8744
ATOM $12.4782
TON $2.7811
HBAR $0.1174
RNDR $7.3750
KAS $0.1614
INJ $40.6866
DAI $0.9990
OKB $56.8390
VET $0.0495
PEPE $0.0000
XLM $0.1458
FDUSD $0.9965
STX $3.0333
XMR $148.4317
WEMIX $2.7041
LDO $3.2821
NEAR $4.3354
GRT $0.3080
ARB $1.9787
THETA $2.3471
APEX $2.6824
BSV $115.5449
BTC $68279.0927
ETH $3629.5433
BNB $418.8260
SOL $133.0943
XRP $0.6497
stETH $3620.7348
ADA $0.7707
DOGE $0.1827
AVAX $43.0376
DOT $9.8988
wstETH $4204.4051
TRX $0.1402
LINK $20.4333
WETH $3627.8562
MATIC $1.1461
WBTC $68015.7231
UNI $12.3628
BCH $469.5171
LTC $88.8112
IMX $3.1360
ICP $13.3800
CAKE $3.3523
ETC $35.9657
FIL $10.0244
LEO $4.8744
ATOM $12.4782
TON $2.7811
HBAR $0.1174
RNDR $7.3750
KAS $0.1614
INJ $40.6866
DAI $0.9990
OKB $56.8390
VET $0.0495
PEPE $0.0000
XLM $0.1458
FDUSD $0.9965
STX $3.0333
XMR $148.4317
WEMIX $2.7041
LDO $3.2821
NEAR $4.3354
GRT $0.3080
ARB $1.9787
THETA $2.3471
APEX $2.6824
BSV $115.5449
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • The npm repositories flooded with malicious packages that lead to a DoS attack

    And what about Aliexpress and Telegram channels about cryptocurrency?

    Information security company Checkmarx reports that attackers are distributing fake packages in npm repositories that lead to a DoS attack.

    Cybercriminals publish empty packages with links to pre-created malicious sites. The attack is based on the fact that open source repositories have trust among users and rank higher in search results. Hackers use this to create fraudulent sites and download empty npm modules with links to these sites in "README.md" files.

    Each package contains nothing but a "readme" file, which is displayed on the package page and contains a unique short link to the scam site with the context of the original npm package.

    The load generated by automated scripts made NPM unstable due to sporadic "Service Unavailable" errors.

    “Because open source ecosystems enjoy a high reputation in search engines, any new packages and their descriptions inherit this good reputation and are well indexed by search engines, making them more visible to unsuspecting users,” Checkmarx explained.

    Given that the entire process is automated, the workload created by publishing numerous packages resulted in intermittent NPM stability issues by the end of March 2023.

    Several hackers may be behind the campaign, Checkmarx says, and the ultimate goal of the attacks is to infect the victim's system with malware such as RedLine Stealer, Glupteba, Smoke Loader, and XMRig.

    Other links take users through a series of intermediate pages that ultimately redirect to legitimate e-commerce sites, including AliExpress referral links that profit the scammers when the victim makes a purchase on the platform. The third "category" of links invites Russian users to join a Telegram channel specializing in cryptocurrencies.

    The scale of the campaign was not specified, but experts noted that the consequences of the attacks are significant, as the work of NPM became unstable due to the load. To prevent such automated campaigns, Checkmarx has recommended that npm use anti-bot methods during user account creation.

    Author DeepWeb
    Gopuram becomes the main weapon in the attack on cryptocurrency companies
    AlienFox massively steals data from cloud services

    Comments 0

    Add comment