NPM flooded with malicious packages downloaded more than 86,000 times
- #NPM
- #PhantomRaven
- #Security
- Attackers abused NPM's Remote Dynamic Dependencies (RDD) in 126 malicious packages, which were downloaded over 86,000 times.
- RDD allows packages to download unvetted dependencies from untrusted domains, bypassing static analysis tools.
- PhantomRaven campaign uses HTTP URLs to fetch malicious dependencies, which remain invisible to developers and security scanners.
- Dependencies are downloaded fresh from attacker servers each time, avoiding caching or versioning checks.
- 80 malicious packages were still available as of the report's publication.
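The RDD pattern the bullets describe (a dependency whose specifier is a URL instead of a registry version) can be spotted in a manifest before anything is installed. The check below is an added example, not code from the report or from npm; the manifest it scans is constructed and the hostnames are placeholders.

```javascript
// Added example: flag package.json dependency specs that resolve to a remote
// URL rather than a registry version range. Field names are npm's standard
// dependency fields; SAMPLE_MANIFEST is constructed for illustration.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Classify one dependency specifier. Returns null for an ordinary registry
// range (e.g. "^1.2.3"), otherwise a short reason why it needs review.
function classifySpec(spec) {
  if (typeof spec !== 'string') return 'non-string specifier';
  const s = spec.trim();
  if (/^http:\/\//i.test(s)) return 'plaintext HTTP URL: fetched unvetted from a remote host on every install';
  if (/^https:\/\//i.test(s)) return 'HTTPS URL: bypasses registry review, fetched fresh on every install';
  if (/^git(\+\w+)?:\/\//i.test(s) || /^github:/i.test(s)) return 'git URL: not a registry version';
  return null;
}

// Walk every dependency field and collect specs that point outside the registry.
function findRemoteDependencies(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = pkg[field];
    if (!deps || typeof deps !== 'object') continue;
    for (const [name, spec] of Object.entries(deps)) {
      const reason = classifySpec(spec);
      if (reason) findings.push({ field, name, spec, reason });
    }
  }
  return findings;
}

// Constructed sample manifest: one normal registry dependency, one plain-HTTP
// remote dependency and one HTTPS tarball dependency.
const SAMPLE_MANIFEST = {
  name: 'example-app',
  dependencies: {
    'left-pad': '^1.3.0',
    'some-helper': 'http://example.invalid/some-helper.tgz',
  },
  devDependencies: {
    'build-tool': 'https://example.invalid/build-tool-1.0.0.tgz',
  },
};

console.log(JSON.stringify(findRemoteDependencies(SAMPLE_MANIFEST), null, 2));
```

Run it against the output of `cat package.json` in CI to fail the build when any finding is returned; a lockfile should be checked the same way, since RDD specs also appear in its `resolved` fields.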