Security · 2h ago
148 npm Packages Hijacked Student Proxies to Build DDoS Botnet
Researchers at JFrog discovered 148 malicious npm packages posing as student web proxies. The packages turned visitors' browsers into a DDoS botnet for two weeks in May. The attackers used npm as free hosting for a booby-trapped proxy site, targeting students bypassing school filters.
Meridian48 take
The campaign shows how open-source registries can be weaponized for large-scale attacks without targeting developers directly.
Read the full reporting
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet →
The Hacker News
npmddos-botnet