Microsoft has confirmed that a large-scale cyberattack is targeting its Azure developers through malicious npm packages. JFrog cybersecurity researchers released a report on Wednesday detailing how hundreds of malicious packages have been identified. The packages were designed to steal personally identifiable information from developers. According to researchers, the campaign was first detected on March 21 and has since grown from roughly 50 malicious packages to over 200 in just days.
JFrog stated that typosquatting has been used as a tactic to dupe developers into downloading the files. According to JFrog, the packages contained information-stealer malware that harvested credentials from developers who installed the typosquatted packages. Typosquatting is a form of phishing in which small changes are made to email, file, or website addresses to mimic a legitimate service. According to researchers, the threat actors are using this tactic to trick targets into believing the packages are legitimate. The malicious packages are created with the same name as an existing @azure scope package, but with the scope dropped.
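The scope-dropping pattern described above can be checked for in a project's own manifest. The following is an added example, not code from JFrog or Microsoft: it flags unscoped dependencies in a `package.json` whose name equals the part after the slash of a known scoped package. The short package list and the sample manifest are constructed for illustration, and the function names are hypothetical.

```javascript
// Sample of @azure-scoped package names (assumption: replace with your
// organization's own list of approved scoped packages).
const KNOWN_SCOPED = ['@azure/core-tracing', '@azure/storage-blob', '@azure/identity'];

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Resolve the package name npm would actually fetch. Handles the alias form
// "local-name": "npm:real-name@range", where the real name is in the spec.
function resolvedName(key, spec) {
  if (typeof spec !== 'string' || !spec.startsWith('npm:')) return key;
  const target = spec.slice(4);
  const at = target.lastIndexOf('@'); // index 0 would be a scope marker, not a version
  return at > 0 ? target.slice(0, at) : target;
}

// Return one finding per dependency that is unscoped but shares its name with
// the unscoped part of a known scoped package.
function findScopeDropped(manifest, knownScoped = KNOWN_SCOPED) {
  const byBase = new Map(knownScoped.map((n) => [n.split('/')[1].toLowerCase(), n]));
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [key, spec] of Object.entries(manifest[field] || {})) {
      const name = resolvedName(key, spec);
      if (name.startsWith('@')) continue; // still scoped: not this pattern
      const intended = byBase.get(name.toLowerCase());
      if (intended) findings.push({ field, installed: name, intended });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from the report).
const SAMPLE_MANIFEST = {
  dependencies: {
    '@azure/identity': '^4.0.0', // correctly scoped
    'core-tracing': '^1.0.0',    // scope dropped
    express: '^4.18.0',          // unrelated package
  },
  devDependencies: {
    blob: 'npm:storage-blob@^12.0.0', // alias that resolves to an unscoped name
  },
};

console.log(JSON.stringify(findScopeDropped(SAMPLE_MANIFEST), null, 2));
```

A finding means the manifest should be reviewed, not that the package is malicious: an unscoped package with the same short name may be legitimate.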
Read More: Malicious npm packages target Azure developers to steal personal data