According to research conducted by Phylum, well-known open-source node package manager (NPM) registries are currently facing massive attacks targeting malicious packages, with 287 detected so far.
The hackers exploit typos in legitimate package names through typosquatting, aiming to infect systems of developers who depend on these registries for their coding needs.
The malicious packages utilize a sophisticated method to conceal their origins by contacting an Ethereum smart contract instead of revealing their true IP address.
Once installed, these rogue packages often masquerade as Vercel packages, executing hidden payloads that persist across system reboots and collect sensitive system information.
Collection
[
|
...
]