Updated on 2022-12-15
Threat actors uploaded 144,294 phishing-related packages to open-source package repositories: NuGet (136,258), PyPI (7,824), and npm (212). Because these registries feed directly into developer tooling and build pipelines, the flood poses a software supply chain risk. Read more: How 140K NuGet, npm, and PyPI packages were used to spread phishing links
Overview: Phishing campaign floods package repositories
Checkmarx and Illustria published a joint report on a large-scale phishing campaign that flooded the NuGet, npm, and PyPI package repositories with more than 144,000 packages. Most of the packages used names related to hacking, game cheats, and free resources, and their descriptions contained links that redirected users to phishing sites.
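The mechanism the report describes has two observable signals in registry metadata: a bait name (hacks, cheats, free resources) and a description link that leads off the registry. The following triage heuristic, written in Python, is an added example and not code from Checkmarx, Illustria, or any package registry; the package records, the bait-keyword list, and the allowlist of expected link hosts are constructed assumptions that a real deployment would tune to its own data.

```python
"""Heuristic triage of package-registry metadata for description-embedded
phishing links.

Added example, not code from the report or from any registry. The sample
records, BAIT_KEYWORDS and EXPECTED_LINK_HOSTS are assumptions built for
illustration only.
"""
import re
from urllib.parse import urlparse

# Keyword families matching the kinds of package names the report describes
# (assumed list; tune to your own observations).
BAIT_KEYWORDS = ("hack", "cheat", "crack", "free", "generator", "unlimited")

# Hosts where a link in a package description is unremarkable (assumption).
EXPECTED_LINK_HOSTS = {"github.com", "gitlab.com", "nuget.org", "npmjs.com", "pypi.org"}

URL_RE = re.compile(r"https?://[^\s)>\"']+", re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL found in free-form description text."""
    return URL_RE.findall(text or "")


def host_of(url):
    """Lower-cased hostname of a URL with a leading 'www.' stripped."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def triage(pkg):
    """Return the reasons a package record looks like description phishing.

    A package is flagged only when BOTH signals are present: a bait keyword
    in its name and a description link to a host outside the allowlist.
    Either signal alone is far too noisy on a real registry.
    """
    name = pkg["name"].lower()
    hits = [k for k in BAIT_KEYWORDS if k in name]
    hosts = {host_of(u) for u in extract_urls(pkg.get("description", ""))}
    unexpected = sorted(h for h in hosts - EXPECTED_LINK_HOSTS if h)
    if not (hits and unexpected):
        return []
    return [
        f"bait keywords in name: {', '.join(hits)}",
        f"description links to unexpected hosts: {', '.join(unexpected)}",
    ]


def flag_packages(packages):
    """Map package name -> reasons for every record that triage() flags."""
    return {p["name"]: r for p in packages if (r := triage(p))}


# Constructed sample records; the .example TLD is reserved and never resolves.
SAMPLE_PACKAGES = [
    {"name": "free-discord-nitro-generator",
     "description": "Get free Discord Nitro here: https://nitro-free.example/claim"},
    {"name": "left-pad",
     "description": "String left pad. Docs: https://github.com/example/left-pad"},
    {"name": "cheatsheet-tools",
     "description": "CLI cheat sheets. Source on https://gitlab.com/example/cheatsheet-tools"},
    {"name": "roblox-hack-unlimited-robux",
     "description": "Unlimited Robux at https://www.Robux-Hack.example/get and https://pypi.org/project/x"},
    {"name": "requests-helper",
     "description": "Helper library. Report issues at https://bugs.example.org/"},
]

if __name__ == "__main__":
    for name, reasons in flag_packages(SAMPLE_PACKAGES).items():
        print(name)
        for reason in reasons:
            print("   ", reason)
```

Running the block flags only `free-discord-nitro-generator` and `roblox-hack-unlimited-robux`; `cheatsheet-tools` has a bait substring but links only to an expected host, and `requests-helper` links off-registry but carries no bait name, so neither is flagged. The host check is deliberately weak against redirectors and URL shorteners, which would need their own entries outside the allowlist, and a campaign with different naming can of course slip past a fixed keyword list; treat this as a first-pass filter that feeds manual review, not a verdict.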