Over 200 Malicious NPM Packages Caught Targeting Azure Developers

Summary:

A new, large-scale, supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information. The attack refers to what's called typosquatting, which takes place when bad actors push rogue packages with names mimicking legitimate libraries to a public software registry such as NPM or PyPI with the hope of tricking users into installing them. In this specific case observed by the DevSecOps firm, the unknown adversary is said to have created dozens of malicious counterparts with the same name as their existing @azure scope packages but without the scope name (e.g., @azure/core-tracing vs. core-tracing).

Additional Discussion:

Link:

• https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/