all InfoSec news
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
Malware Analysis, News and Indicators - Latest topics malware.news
Executive Summary
ReversingLabs researchers recently discovered more than a dozen malicious packages published to the npm open source repository that appear to target application end users while also supporting email phishing campaigns targeting Microsoft 365 users. Some key takeaways from our report:
- The discovery may be the first ‘dual use’ campaign in which malicious open source packages power both commodity phishing attacks and higher end software supply chain compromises.
- The malicious npm packages were discovered in two tranches: One supported …
application attacks campaigns discovery email email phishing end executive fuel key malicious malicious npm malicious packages may microsoft microsoft 365 npm open source packages phishing phishing attacks report repository researchers reversinglabs supply supply chain takeaways target targeting