Antoine Vastel@xopek59Another case of malicious NPM packages: https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/… This time it's targeting Azure devs. Contrary to previous incidents, that's not a popular package that's been compromised. Instead, the attackers are typosquatting the package name.jfrog.comMalicious Packages in npm Targeting Azure DevelopersJFrog discovers hundreds of npm malicious packages in a large-scale typosquatting attack designed to steal PII from Azure developers. Find out more >9:12 AM · Mar 24, 2022·Twitter Web App1 Retweet1 Like
Antoine Vastel@xopek59·Mar 24Replying to @xopek59They created hundreds of packages with the same name as an existing azure scope package, but drops the scope name "@azure". More than 200 packages are impacted. The full list is available at the end of their blog post
