Hackers Flood NPM with Bogus Packages Causing a DoS Attack – The Hacker News

Threat actors are flooding the npm open source package repository with bogus packages that briefly even resulted in a denial-of-service (DoS) attack.

“The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-source ecosystems’ good reputation on search engines,” Checkmarx’s Jossef Harush Kadouri said in a report published last week.

“The attacks caused a denial-of-service (DoS) that made NPM unstable with sporadic ‘Service Unavailable’ errors.”

While similar campaigns were recently observed propagating phishing links, the latest wave pushed the number of package versions to 1.42 million, a dramatic uptick from the approximate 800,000 packages released on npm.

The attack technique leverages the fact that open source repositories are ranked higher on search engine results to create rogue websites and upload empty npm modules with links to those sites in the README.md files.

“Since the open source…

Read Full Story: https://news.google.com/rss/articles/CBMiTGh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vMjAyMy8wNC9oYWNrZXJzLWZsb29kLW5wbS13aXRoLWJvZ3VzLXBhY2thZ2VzLmh0bWzSAQA?oc=5

The post Hackers Flood NPM with Bogus Packages Causing a DoS Attack – The Hacker News first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2023/04/10/hackers-flood-npm-with-bogus-packages-causing-a-dos-attack-the-hacker-news_2023041043283.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.