Malicious npm proxies turned browsers into a short-lived DDoS botnet
Source headline: 148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
Intelligence Summary
A campaign using 148 npm packages disguised as student web proxies was linked to a browser-based DDoS botnet. The malicious packages abused visitors who loaded the proxy site hosted via the npm registry. The activity reportedly ran for about two weeks in May before being stopped. JFrog’s research indicates the packages were designed to disrupt end users rather than target the developers who published them. Users and organizations should review npm dependencies, pin versions, and monitor for suspicious proxy-related packages.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.