PR3MIUM
Senior Member
NPM Spam Packages:
More than half of all new packages that are currently (29 Mar 2023) being submitted to npm are SEO spam. That is - empty packages, with just a single README file that contains links to various malicious websites.
Most of the spam packages detected by Sandworm come from a single Telegram channel that seems to be targeting Russian-speaking people. Package names are set to match searches on various sensitive topics,
like the war in Ukraine or investment decisions made by Gazprom. The package description, however, reads:
"Forget about financial problems forever: a new method of earning will allow you to earn millions without leaving your home!"
Source: https://blog.sandworm.dev/one-in-two-new-npm-packages-is-seo-spam-right-now