Malicious npm Packages Exploit Phishing to Steal Login Credentials

TL;DR Summary
Cybersecurity researchers uncovered a targeted spear-phishing campaign using 27 malicious npm packages to host browser-based phishing lures mimicking document-sharing portals and Microsoft sign-in pages, primarily targeting organizations in critical infrastructure sectors across multiple countries. The campaign leverages package CDNs for resilient hosting, employs anti-analysis techniques, and hard-codes specific email addresses, with the goal of stealing login credentials. The activity highlights ongoing threats in the software supply chain, emphasizing the need for stringent dependency verification and monitoring.
Topics: technology, credential-theft, cyberattack, cybersecurity, malicious-software, npm-packages, phishing
Read the original article on The Hacker News.