
Phishing campaign floods package repositories

Updated on 2022-12-15

Threat actors uploaded 144,294 phishing-related packages to open-source repositories, including NuGet (136,258), npm (212), and PyPI (7,894), posing supply chain risks. Read more: How 140K NuGet, npm, and PyPI packages were used to spread phishing links

Overview: Phishing campaign floods package repositories

Checkmarx and Illustria published a joint report on a large-scale phishing campaign that flooded the NuGet, npm, and PyPI package repositories with more than 144,000 packages. Most of the packages used names related to hacking, cheats, and free resources, and contained links in their descriptions that redirected users to phishing sites.
