An ongoing typosquatting campaign is impersonating popular JavaScript libraries, tricking developers into installing malware disguised as legitimate npm packages; the malware relies on the Ethereum blockchain to locate its command-and-control infrastructure.
Retrieving the command-and-control address from an Ethereum smart contract is a new approach for npm supply chain attacks: blocking a hard-coded domain or IP address is ineffective, because the attackers can update the address stored in the contract at any time, which complicates both takedown and detection.
Typosquatting involves publishing malicious npm packages whose names closely resemble legitimate ones, preying on developers who mistype the names of popular libraries such as Puppeteer, so that a single typo in an install command pulls in the attacker's code.
Researchers at Phylum and Socket warned of 287 malicious typosquats targeting popular libraries, including Puppeteer and husky, whose payloads give the attackers persistent access to the infected machines.
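The defensive check the description above implies is to compare each declared dependency against a list of well-known package names and flag near misses. The following is an added example written for this page, not code from the article or from Phylum or Socket; the list of popular packages, the sample package.json and the distance thresholds are constructed assumptions. It uses the optimal-string-alignment edit distance (insertions, deletions, substitutions and adjacent transpositions) and also normalizes away scopes, separators and a trailing "js"/"node", so that lookalikes such as "husky-js" collapse onto the real name.

```javascript
// Added example: flag dependency names that are a short edit away from a
// well-known npm package. Not the article's or the researchers' code.

// Constructed list of "popular" packages; a real deployment would use the
// top-N names from the npm registry.
const POPULAR_PACKAGES = ["puppeteer", "husky", "lodash", "express", "react", "chalk"];

// Optimal-string-alignment distance: insert, delete, substitute and
// adjacent-transposition operations each cost 1. Transpositions matter
// because swapped letters ("hsuky") are a common typo class.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Collapse common disguises: "@scope/", "-", "_", "." and a trailing js/node,
// so "husky-js" and "Puppeteer.js" are compared as "husky" and "puppeteer".
function normalize(name) {
  return name
    .toLowerCase()
    .replace(/^@[^/]+\//, "")
    .replace(/[-_.]/g, "")
    .replace(/(js|node)$/, "");
}

// Short names get a tighter threshold (1 edit) to limit false positives;
// longer names tolerate 2 edits. These cut-offs are assumptions.
function threshold(popularName) {
  return popularName.length <= 5 ? 1 : 2;
}

// Returns one finding per suspicious dependency: the declared name, the
// popular package it resembles, and the edit distance after normalization.
function findTyposquats(packageJson, popular = POPULAR_PACKAGES) {
  const deps = { ...(packageJson.dependencies || {}), ...(packageJson.devDependencies || {}) };
  const exact = new Set(popular);
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (exact.has(name)) continue; // the genuine package, not a lookalike
    const candidate = normalize(name);
    for (const p of popular) {
      const distance = editDistance(candidate, normalize(p));
      if (distance <= threshold(p)) {
        findings.push({ name, lookalike: p, distance });
        break;
      }
    }
  }
  return findings;
}

// Constructed package.json: two genuine dependencies and three lookalikes.
const SAMPLE_PACKAGE_JSON = {
  dependencies: { puppeter: "^23.0.0", express: "^4.19.2", "husky-js": "^9.0.0" },
  devDependencies: { hsuky: "^9.0.0", lodash: "^4.17.21" },
};

for (const f of findTyposquats(SAMPLE_PACKAGE_JSON)) {
  console.log(`suspicious: ${f.name} resembles ${f.lookalike} (distance ${f.distance})`);
}
```

Run with `node`; the three constructed lookalikes are reported and the two genuine names are not. The check is a pre-install gate, not a replacement for reviewing what a package actually does, since an attacker can also register a name that is not a near miss of anything.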