Typosquatting campaign on NPM platform leverages open-source tools | SC Media>
– Steve Zurier
This article is about a new typosquatting campaign on the npm platform that is using open source tools to infect users.
The campaign targets links in order to spread malicious malware.
Users are sent to a confusing web page with JavaScript, which then redirects to a malicious page that changes the page essentials and starts downloading a malicious file.
The threat actors behind this campaign use various npm projects to embed malicious code onto the pages.
The malicious code records user-data and sends it back to the attackers.
The attackers are believed to be selling the stolen data to other criminals.
Users should be aware of typosquatting and look out for suspicious links that can lead them to a malicious page.
Additionally, the article points out the importance of users using security software such as antivirus software to guard against such threats.
Link: https://www.scmagazine.com/news/typosquatting-campaign-on-npm-platform-leverages-open-source-tools