Home/News/148 npm Packages Hijacked Browsers for DDoS Botnet
The Hacker News2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

148 npm Packages Hijacked Browsers for DDoS Botnet

148 npm Packages Hijacked Browsers for DDoS Botnet

A malicious campaign involving 148 npm packages, masquerading as student web proxies, successfully transformed visitors' browsers into a distributed denial-of-service (DDoS) botnet. This operation persisted for approximately two weeks in May, as detailed in recent research from JFrog. The attackers specifically targeted end-users visiting the proxy sites rather than developers who might install the compromised packages.

JFrog's analysis revealed that the operators exploited the npm registry as a free hosting platform for a booby-trapped proxy website. This allowed them to lure students seeking to bypass internet restrictions. Once a user visited the malicious proxy site, their browser was reportedly enlisted into the botnet, contributing to DDoS attacks against unspecified targets. The research did not specify the exact nature of the targets or the scale of the botnet's capacity.

The campaign's discovery highlights ongoing threats within the open-source software supply chain. While the npm registry is a vital resource for developers, it can also be a vector for malicious activities if not adequately monitored. JFrog's security team identified and reported the malicious packages, leading to their removal from the registry. The incident underscores the importance of continuous vigilance and security practices for both package maintainers and users within the JavaScript ecosystem.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next