
Deluge of Fake Packages Causes DoS Attack on npm

April 12, 2023

Last week, Checkmarx Security detailed the attack that led to a temporary Denial of Service (DoS) on the Node.js package repository npm in March. Threat actors uploaded hundreds of thousands of fake packages in a type of SEO-poisoning attack that relies on the reputation of package managers to place the bogus packages at the top of search results. The packages are empty, containing only a README with further instructions for infection. The sheer number of packages uploaded caused a DoS, nearly doubling the number of package updates that npm normally sees. The follow-on payloads consisted of information stealers, cryptocurrency miners, and malware loaders, as well as a referral scam using AliExpress and a crypto scam using a Russian-language Telegram channel.

Analyst Notes

Companies have several options for protecting against these types of supply chain attacks. If roles have been effectively assigned, a web proxy could limit access to package repositories to just developers and administrators, reducing the attack surface. Additionally, keeping detection and response software (EDR, MDR, XDR, etc.) up to date will help catch malware that has been previously identified or that performs suspicious or unusual actions.