• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Platforms Flooded with 144,000 Phishing Packages

You are here: Home / General Cyber Security News / Platforms Flooded with 144,000 Phishing Packages
December 15, 2022

A phishing group has uploaded about 144,000 destructive open up supply packages to a few open supply repositories, in a important new automated marketing campaign, according to Checkmarx.

Operating with fellow security seller Illustria, the business initial discovered the marketing campaign a several months in the past when it seen significant clusters of offers published to the NuGet package manager.

It identified 135,000 such deals had been uploaded by the exact threat actor to the similar system, with a even more 212 on npm and 7824 on PyPi.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The deals in issue highlighted phishing inbound links intended to harvest victims’ email tackle, username and passwords for different accounts. Some also took victims to legitimate web sites like e-commerce market AliExpress, which created referral expenses for the menace actors.

“The messages in these deals endeavor to entice audience into clicking hyperlinks with guarantees of game cheats, totally free resources and greater followers and likes on social media platforms like TikTok and Instagram,” said Checkmarx.

“The phishing campaign joined to more than 65,000 distinctive URLs on 90 domains, with just about every domain hosting various phishing webpages below distinct paths. The deceptive webpages are properly-intended and, in some circumstances, even include things like bogus interactive chats that show up to clearly show buyers getting the cheats or followers they were being promised.”

Checkmarx claimed that the team needed to enhance the search motor optimization (Seo) of its phishing web-sites by linking them to legitimate web sites like NuGet.

A higher degree of automation was the vital to the campaign, it included.

“This permitted them to publish a big number of deals in a small interval of time, creating it complicated for the diverse security groups to identify and get rid of the deals rapidly,” concluded Checkmarx.

“Automating the approach also allowed the attackers to produce a significant range of user accounts, earning it hard to trace the source of the attack. This shows the sophistication and perseverance of these attackers, who were inclined to commit substantial means in buy to have out this campaign.”

Whilst the offending offers have been unlisted from NuGet’s lookup benefits, they are continue to accessible on the web-site, Checkmarx warned.


Some sections of this posting are sourced from:
www.infosecurity-journal.com

Previous Post: «hackers bombard open source repositories with over 144,000 malicious packages Hackers Bombard Open Source Repositories with Over 144,000 Malicious Packages
Next Post: Top 5 Web App Vulnerabilities and How to Find Them top 5 web app vulnerabilities and how to find them»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.