MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
packages
Search

Crims poison 150K+ npm packages with token-farming malware

Friday November 14, 2025. 07:22 PM , from TheRegister
Amazon spilled the TEA
Yet another supply chain attack has hit the npm registry in what Amazon describes as 'one of the largest package flooding incidents in open source registry history' - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…
Read more at TheRegister
https://go.theregister.com/feed/www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_po...

Related News

packages Microsoft Warns Its Windows AI Feature Brings Data Theft and Malware Risks, and 'Occasionally May Hallucinate' SlashdotNov 23
npm LLM-generated malware is improving, but don't expect autonomous attacks tomorrow TheRegisterNov 20
crims Microsoft warns its new “AI” agents in Windows can install malware OS NewsNov 19
registry Microsoft warns that Windows 11's AI could install malware BoingBoingNov 18
amazon [$] Pouring packages with Homebrew LWN.netNov 18
malware Advanced SystemCare Ultimate 18 launches with Safe Folder and wider malware protection BetaNewsNov 18
poison North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes InfoWorldNov 17
token-farming Security Researchers Spot 150,000 Function-less npm Packages in Automated 'Token Farming' Scheme SlashdotNov 16
packages Spam flooding npm registry with token stealers still isn’t under control InfoWorldNov 15
npm Rhadamanthys malware admin rattled as cops seize a thousand-plus servers TheRegisterNov 13
crims Attackers turned Citrix, Cisco 0-day exploits into custom-malware hellscape TheRegisterNov 12
registry Bank of America Faces Lawsuit Over Alleged Unpaid Time for Windows Bootup, Logins, and Security Token Requests SlashdotNov 8
amazon Cybercrims plant destructive time bomb malware in industrial .NET extensions TheRegisterNov 7
malware Malicious npm packages contain Vidar infostealer InfoWorldNov 7
poison Gootloader malware back for the attack, serves up ransomware TheRegisterNov 6
token-farming Malware-pwned laptop gifts cybercriminals Nikkei's Slack TheRegisterNov 6
packages Attackers abuse Gemini AI to develop ‘Thinking Robot’ malware and data processing agent for spying purposes TheRegisterNov 5
npm Russian spies pack custom malware into hidden VMs on Windows machines TheRegisterNov 4
crims Invasion of the message body snatchers! Teams flaw allowed crims to impersonate the boss TheRegisterNov 4
registry OpenAI API moonlights as malware HQ in Microsoft’s latest discovery TheRegisterNov 4
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Dec, Fri 5 - 08:04 CET