npm phishing email

A sophisticated phishing campaign is targeting Node.js developers by impersonating the official npm package registry. The attackers are using the typosquatted domain npnjs.com, which closely resembles the legitimate npmjs.com website by replacing the letter "m" with "n."

[Image: npm phishing email]

The campaign marks an escalation in supply chain attacks: it aims to compromise high-value maintainer accounts, and a single compromised account could affect the millions of downstream projects that depend on those packages. The phishing emails spoof the trusted support@npmjs.org sender address and carry tokenized URLs, unique per recipient, that let the attackers track who clicked and pre-fill the victim's authentication data on the fake login page.

[Image: npm phishing email]

The attackers appear to be targeting package maintainers with significant reach: one recipient maintains packages that together see 34 million weekly downloads. The emails mix in genuine links to npmjs.com to build credibility, while the login link itself points to the lookalike domain.
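The two lure properties described above, a lookalike domain mixed in among real npmjs.com links and a per-recipient token in the login URL, are exactly what a mail filter or a cautious maintainer can check for mechanically. The following is an added example (not code from the article or from npm) that scans a constructed sample message shaped like the one described: it classifies every link's registrable domain as legitimate, a one-edit lookalike of npmjs.com/npmjs.org, or unrelated; flags long opaque query values as tracking tokens; and reports when the From: header claims an npmjs.org address but the Return-Path lives on another domain. The sample headers, URLs and token value are all constructed, and the two-label registrable-domain rule is a simplification that a production filter would replace with the Public Suffix List.

```python
import re
from urllib.parse import parse_qs, urlparse

# Domains the real registry uses. Anything one edit away from these is the
# classic typosquat (npmjs.com -> npnjs.com).
TRUSTED_DOMAINS = {"npmjs.com", "npmjs.org"}

# Constructed sample message (not a real captured email) in the shape the
# article describes: spoofed support@npmjs.org sender, genuine npmjs.com links
# for credibility, and a lookalike login link carrying a per-victim token.
SAMPLE_EMAIL = """\
From: npm Support <support@npmjs.org>
Return-Path: <bounce@mail-delivery.example>
Subject: Please verify your email address

Your account needs verification. Sign in to continue:
https://npnjs.com/login?token=c4a1f0d9e8b7a6c5d4e3f2a1b0c9d8e7

Browse your packages at https://www.npmjs.com/ or read the docs at
https://docs.npmjs.com/about-two-factor-authentication
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+")
# Long opaque query values (hex, base64url) are how per-recipient tokens look.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute = 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Adequate for .com/.org; use the PSL in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_host(host: str) -> str:
    """'legitimate' for npm's own domains, 'lookalike' if one edit away, else 'unrelated'."""
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return "legitimate"
    if min(levenshtein(dom, t) for t in TRUSTED_DOMAINS) <= 1:
        return "lookalike"
    return "unrelated"


def has_tracking_token(url: str) -> bool:
    """True if any query parameter carries a long opaque value."""
    params = parse_qs(urlparse(url).query)
    return any(TOKEN_RE.match(v) for values in params.values() for v in values)


def analyze_links(text: str) -> list[dict]:
    """Classify every URL in the message body and note which ones are tokenized."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        findings.append({
            "url": url,
            "host": host,
            "verdict": classify_host(host),
            "tokenized": has_tracking_token(url),
        })
    return findings


def sender_mismatch(text: str) -> bool:
    """True when From: and Return-Path: sit on different registrable domains.

    A From: of support@npmjs.org with bounces going elsewhere is the spoofing
    indicator described in the article; SPF/DKIM results would confirm it.
    """
    headers, _, _ = text.partition("\n\n")
    from_m = re.search(r"^From:.*?<?([\w.+-]+@([\w.-]+))>?\s*$", headers, re.M)
    rp_m = re.search(r"^Return-Path:\s*<?([\w.+-]+@([\w.-]+))>?", headers, re.M)
    if not (from_m and rp_m):
        return False
    return registrable_domain(from_m.group(2)) != registrable_domain(rp_m.group(2))


if __name__ == "__main__":
    print("sender mismatch:", sender_mismatch(SAMPLE_EMAIL))
    for f in analyze_links(SAMPLE_EMAIL):
        flag = " (tokenized)" if f["tokenized"] else ""
        print(f"{f['verdict']:<11} {f['host']}{flag}")
```

Run against the sample, the lookalike login link is the only one flagged as both a typosquat and tokenized; the genuine www.npmjs.com and docs.npmjs.com links pass, which is the point: a message can contain mostly real links and still be a lure, so the decision has to be made per link, and specifically on the link the user is asked to authenticate through.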