148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
Overview
A recent study by JFrog revealed that 148 npm packages masqueraded as student proxy tools, turning users' browsers into a distributed denial-of-service (DDoS) botnet for about two weeks in May. These packages did not target developers but instead leveraged the npm registry to host a malicious proxy site, attracting students looking to bypass restrictions. Once installed, the packages allowed attackers to harness the computing power of visitors' browsers to launch DDoS attacks. This incident raises concerns about the security of open-source package repositories and highlights the potential risks for users who may unknowingly install compromised software. Developers and users alike need to be vigilant about the packages they choose to install to avoid becoming part of such attacks.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: 148 npm packages
- Action Required: Users should audit their npm packages and remove any suspicious or unknown packages.
- Timeline: Ongoing since May 2023
Original Article Summary
A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge
Impact
148 npm packages
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Ongoing since May 2023
Remediation
Users should audit their npm packages and remove any suspicious or unknown packages. Developers should ensure they are using trusted sources and consider implementing security measures to verify package integrity.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Malware, Botnet, DDoS.