On September 8, 2025, a coordinated phishing campaign targeted high-profile NPM developers and compromised accounts, including that of developer Josh Junon. The phishing emails masqueraded as urgent account security updates, and the breach showed how vulnerable the JavaScript ecosystem is to sophisticated social engineering and domain manipulation tactics. The compromised packages were downloaded nearly 2.8 billion times weekly, marking this incident as one of the most significant supply chain threats in NPM’s history.
Threat actors not only harvested credentials but also inserted JavaScript clipper malware into several popular NPM packages, enabling them to divert cryptocurrency transactions invisibly. The malware monitored users’ cryptocurrency interactions and replaced wallet addresses with those controlled by the attackers. The detection of this threat was aided by Group-IB’s Business Email Protection platform, which utilized multi-layer analysis techniques to identify the phishing campaign. Following remediation efforts, affected packages were reverted to clean versions, restoring developers’ account control and mitigating further threats from this sophisticated attack.
👉 Read the original: Cyber Security News