Microsoft Azure Developers Awash in PII-Stealing npm Packages

windows azure linux

A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.

Researchers have found hundreds of malicious packages in the npm repository of open-source JavaScript code, designed to steal personally identifiable information (PII) in a large-scale typosquatting attack against Microsoft Azure cloud users.

That’s according to the JFrog Security Research team, which said that the set of packages appeared earlier this week and steadily grew since then, from about 50 packages to more than 200.

Typosquatting refers to the practice of naming a malicious copycat file, package, web address and so on with a name that is so similar to an existing legitimate offering that the casual observer might not notice the difference. An example of typosquatting would be using “” (the second “o” is actually a zero) to lure in victims to a watering hole – obviously trying to masquerade as the ubiquitous search engine.

Infosec Insiders Newsletter

In this case, the cyberattackers were pretending to offer a key set of existing, legitimate packages for Azure.

“It became apparent that this was a targeted attack against the entire @azure npm scope, by an attacker that employed an automatic script to create accounts and upload malicious packages that cover the entirety of that scope,” researchers said in a Wednesday posting. “The attacker simply creates a new (malicious) package with the same name as an existing @azure scope package, but drops the scope name.”

Npm scopes are a way of grouping related packages together. JFrog found that besides the @azure scope, other popular package groups were also targeted, including @azure-rest, @azure-tests, @azure-tools and @cadl-lang.

The researchers added, “The attacker is relying on the fact that some developers may erroneously omit the @azure prefix when installing a package. For example, running npm install core-tracing by mistake, instead of the correct command – npm install @azure/core-tracing.”

The attacker also tried to hide the fact that all of the malicious packages were uploaded by the same author, “by creating a unique user (with a randomly-generated name) per each malicious package uploaded,” according to JFrog.

Npm: Ripe for Software Supply-Chain Attacks

Unfortunately, while JFrog reported the packages for removal from npm itself, developers could have pulled in the malicious code to any number of applications that are still threatening Azure users.

Npm is the most oft-downloaded JavaScript package repository used by developers to build web applications, and as such, has been increasingly targeted by malicious actors to carry out software supply-chain attacks. Any app using a malicious code block could be serving up data theft to its users (as in this particular case), or other threats like cryptojacking, botnet delivery and more.

In this campaign, the number of Azure applications that could bring misery to users could be high, JFrog researchers warned.

“Since this set of legitimate packages is downloaded tens of millions of times each week, there is a high chance that some developers will be successfully fooled by the typosquatting attack,” researchers warned. From JFrog’s assessment, the package-download numbers averaged around 50 downloads per malicious package.

Due to the scale of the attack, it is obvious that the attacker used a script to upload the malicious packages, they added – which shines a spotlight on the fact that code repositories and package managers could be doing more to protect the software supply chain.

“Due to the meteoric rise of supply-chain attacks, especially through the npm and PyPI package repositories, it seems that more scrutiny and mitigations should be added [by package managers],” according to JFrog. “For example, adding a CAPTCHA mechanism on npm user creation would not allow attackers to easily create an arbitrary amount of users from which malicious packages could be uploaded, making attack identification easier (as well as enabling blocking of packages based on heuristics on the uploading account).”

Npm for PII Theft & Reconnaissance

From a technical standpoint, JFrog found that the malicious code runs automatically once the package is installed, hoovering up the user’s username, home directory, current working directory, IP addresses of all network interfaces, IP addresses of configured DNS servers and the name of the (successful) attacking package.

The intentions of the author remain somewhat unclear, researchers added.

“We suspect that this malicious payload was either intended for initial reconnaissance on vulnerable targets (before sending a more substantial payload) or as a bug-bounty hunting attempt against Azure users (and possibly Microsoft developers),” they said.

Protecting Azure Apps from Malicious Packages

Azure developers should examine their code for malicious dependencies that could have been imported this week, removing any that they find. JFrog noted that this could be done fairly efficiently.

“Make sure your installed packages are the legitimate ones, by checking that their name starts with the @azure* scope,” they explained.

They added, this can be done by changing the current directory to the npm project in need of testing, and running the following command:

npm list | grep -f packages.txt, where “packages.txt” contains the full list of affected packages.

The full list of malicious packages can be found in JFrog’s appendix to its posting on the attack.

Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.


Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business