A consistent attack on the open-source environment flooded the npm repository with no less than 15,000 spam packages containing phishing links.
In a deceptive provision of free packages with names perfectly coined in an automated process of continuous package generation to suggest such, attackers have gotten vulnerable victims into downloading packages with phishing links that direct them to participate in a false survey or fake referral reward program. The automated process allowed the attackers to generate many packages quickly.
It was noted that the uploads of these packages through several accounts occurred between February 20-21, 2023. It was also discovered that a python script using selenium Python package for website interaction and modification used in the automation process was also programmed to enable the appending of links to published npm packages on WordPress websites operated by the cybercriminals claiming the availability of Family Island cheats among other cheats.
According to Gelb, it reveals the sophistication and determination of these attackers with their willingness to invest enormously in carrying out their actions. He further explained, “The deceptive web pages are well-designed and, in some cases, even include fake interactive chats that appear to reveal users receiving the game cheats or followers they were promised.”
Packages with names such as Instagram-follower-free were created alongside others to have a README.md file containing links to these professionally designed websites mentioned by Gelb. The website prompts victims to fill out a survey to lure them into filling out more surveys or redirect them to a secure and legitimate website that would prevent victims from realizing the reality of their actions.
One significant discovery about the situation is the security challenges experienced by the software supply chain and threat actors’ relentless design of new techniques in carrying out well-coordinated attacks.
