Researchers discovered hundreds of malicious packages in npm, the repository of open-source JavaScript code, that were designed to steal personally identifiable information (PII) from Microsoft Azure cloud users in a large-scale typosquatting attack.
In an article published Wednesday, the researchers said it became clear that this was a targeted attack against the entire @azure npm scope, carried out by an attacker who used an automated script to create accounts and upload malicious packages covering the whole scope. The technique is simple: the attacker publishes a new (malicious) package with the same name as an existing @azure-scoped package but omits the scope name.
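
A defender-side check for the scope-dropping pattern described above, as an added example that is not from the researchers' article: it flags any dependency in a package.json whose unscoped name matches a known @azure-scoped package, including names hidden behind `npm:` aliases. The scoped-name list and the manifest are constructed samples, and a hit means the entry needs review, not that the package is malicious.

```javascript
// Constructed sample: a subset of names published under the @azure scope.
// In practice, build this list from the scoped packages your organisation uses.
const KNOWN_SCOPED = ['@azure/core-tracing', '@azure/identity', '@azure/storage-blob'];

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Resolve the package that is actually installed.
// An entry such as "alias": "npm:real-name@range" installs real-name, not alias.
function resolveName(depName, spec) {
  if (typeof spec === 'string' && spec.startsWith('npm:')) {
    const target = spec.slice(4);
    const at = target.lastIndexOf('@'); // index 0 is a scope marker, not a version separator
    return at > 0 ? target.slice(0, at) : target;
  }
  return depName;
}

// Return every dependency whose unscoped name equals the bare name of a known scoped package.
function findScopeDropped(manifest, knownScoped = KNOWN_SCOPED) {
  const bare = new Map(knownScoped.map((full) => [full.split('/')[1], full]));
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [depName, spec] of Object.entries(manifest[field] || {})) {
      const installed = resolveName(depName, spec);
      if (!installed.startsWith('@') && bare.has(installed)) {
        findings.push({ field, declared: depName, installed, expected: bare.get(installed) });
      }
    }
  }
  return findings;
}

// Constructed package.json contents for illustration.
const sampleManifest = {
  dependencies: {
    '@azure/identity': '^4.0.0',          // correctly scoped
    'core-tracing': '^1.0.0',             // scope dropped
    'blob': 'npm:storage-blob@^12.0.0',   // alias hiding a scope-less name
    'express': '^4.18.0',                 // unrelated, not flagged
  },
  devDependencies: { 'tracing': 'npm:@azure/core-tracing@^1.0.0' }, // alias to scoped name
};

for (const f of findScopeDropped(sampleManifest)) {
  console.log(`${f.field}: "${f.declared}" installs ${f.installed}; expected ${f.expected}?`);
}
```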