Microsoft Azure Developers Awash in PII-Stealing npm Packages

Researchers discovered hundreds of malicious packages in the npm repository of open-source JavaScript code that were designed to steal personally identifiable information (PII) from Microsoft Azure cloud users in a large-scale typosquatting attack.

Researchers noted in a Wednesday article that it became clear that this was a targeted attack on the full @azure npm scope by an attacker who used an automated script to establish accounts and upload malicious packages that covered the entire scope. The attacker simply builds a new (malicious) package with the same name as an existing @azure scope package but does not include the scope name.

Microsoft Azure Developers Awash in PII-Stealing npm Packages

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Microsoft Azure Developers Awash in PII-Stealing npm Packages

24-Mar-2022

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address