• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Platforms Flooded with 144,000 Phishing Packages

You are here: Home / General Cyber Security News / Platforms Flooded with 144,000 Phishing Packages
December 15, 2022

A phishing group has uploaded about 144,000 destructive open up supply packages to a few open supply repositories, in a important new automated marketing campaign, according to Checkmarx.

Operating with fellow security seller Illustria, the business initial discovered the marketing campaign a several months in the past when it seen significant clusters of offers published to the NuGet package manager.

It identified 135,000 such deals had been uploaded by the exact threat actor to the similar system, with a even more 212 on npm and 7824 on PyPi.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The deals in issue highlighted phishing inbound links intended to harvest victims’ email tackle, username and passwords for different accounts. Some also took victims to legitimate web sites like e-commerce market AliExpress, which created referral expenses for the menace actors.

“The messages in these deals endeavor to entice audience into clicking hyperlinks with guarantees of game cheats, totally free resources and greater followers and likes on social media platforms like TikTok and Instagram,” said Checkmarx.

“The phishing campaign joined to more than 65,000 distinctive URLs on 90 domains, with just about every domain hosting various phishing webpages below distinct paths. The deceptive webpages are properly-intended and, in some circumstances, even include things like bogus interactive chats that show up to clearly show buyers getting the cheats or followers they were being promised.”

Checkmarx claimed that the team needed to enhance the search motor optimization (Seo) of its phishing web-sites by linking them to legitimate web sites like NuGet.

A higher degree of automation was the vital to the campaign, it included.

“This permitted them to publish a big number of deals in a small interval of time, creating it complicated for the diverse security groups to identify and get rid of the deals rapidly,” concluded Checkmarx.

“Automating the approach also allowed the attackers to produce a significant range of user accounts, earning it hard to trace the source of the attack. This shows the sophistication and perseverance of these attackers, who were inclined to commit substantial means in buy to have out this campaign.”

Whilst the offending offers have been unlisted from NuGet’s lookup benefits, they are continue to accessible on the web-site, Checkmarx warned.


Some sections of this posting are sourced from:
www.infosecurity-journal.com

Previous Post: «hackers bombard open source repositories with over 144,000 malicious packages Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages
Next Post: Top 5 Web App Vulnerabilities and How to Find Them top 5 web app vulnerabilities and how to find them»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.