Platforms Flooded with 144000 Phishing Packages – Infosecurity Magazine

A phishing group has uploaded over 144,000 malicious open source packages to three open source repositories, in a major new automated campaign, according to Checkmarx.

Working with fellow security vendor Illustria, the firm first discovered the campaign a few months ago when it noticed large clusters of packages published to the NuGet package manager.

It discovered 135,000 such packages were uploaded by the same threat actor to the same platform, with a further 212 on npm and 7824 on PyPi.

The packages in question featured phishing links designed to harvest victims’ email address, username and passwords for various accounts. Some also took victims to legitimate sites like e-commerce marketplace AliExpress, which generated referral fees for the threat actors.

“The messages in these packages attempt to entice readers into clicking links with promises of game cheats, free resources and increased followers and likes on social media platforms like TikTok and Instagram,” said Checkmarx.

“…

Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiTWh0dHBzOi8vd3d3LmluZm9zZWN1cml0eS1tYWdhemluZS5jb20vbmV3cy9wbGF0Zm9ybXMtZmxvb2RlZC0xNDQwMDAtcGhpc2hpbmcv0gEA?oc=5

The post Platforms Flooded with 144000 Phishing Packages – Infosecurity Magazine first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2022/12/15/platforms-flooded-with-144000-phishing-packages-infosecurity-magazine_2022121537593.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.