Crook appears to be ramping up NPM crypto-mining campaign
— 300 javascript packages automatically created, Crook, Told, Lili automatically created hundreds, Lines, Lili, Tracker available, 283 packages, Npm accounts, Designed — 1 min read
Researchers say 1,283 packages and 1,027 user accounts created on NPM could be the first step in a major crypto-mining campaign. Attack dubbed CuteBoi because of the use of "cute" in the username hardcoded in many of the packages' configuration files and a non-random NPM username cloudyboi12. Attack comes as another software supply-chain attack, dubbed IconBurst, made involved NPM JavaScript packages and typo-squatting. It's pretty much along the same lines as the supply chain attacks involving SolarWinds and Kaseya. Verizon noted in its 2022 Data Breach Investigations Report that supply chain-based intrusions account for about 10 percent of all cybersecurity incidents. NPM attacks are increasingly being adopted by financially motivated crime groups. Source