A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information.
“After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe said in a new report.
The entire set of malicious packages was disclosed to the NPM maintainers roughly two days after they were published, leading to their quick removal, but not before each of the packages were downloaded around 50 times on average.
The attack refers to what’s called typosquatting, which takes place when bad actors push rogue packages with names mimicking legitimate libraries to a public software registry such as NPM or PyPI with the hope of tricking users into installing them.