A large-scale, automated typosquatting assault has flooded the NPM code repository with 200+ malicious packages targeting popular Azure scopes.
Researchers discovered hundreds of malicious packages in the npm repository of open-source JavaScript code. These are designed to steal personally identifiable information (PII) from Microsoft Azure cloud users in a large-scale typosquatting attack.
According to the JFrog Security Research team, the collection of packages first appeared earlier this week and has slowly grown since then, from around 50 to over 200. Other popular package groups were also targeted including @azure-rest, @azure-tests, @azure-tools, and @cadl-lang.
Read More: https://threatpost.com/microsoft-azure-developers-pii-stealing-npm-packages/179096/