CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Credential Phishing Campaign Using 175 Malicious npm Packages

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A credential phishing campaign, codenamed Beamglea, has targeted over 135 industrial, technology, and energy companies worldwide. The campaign utilized 175 malicious npm packages, collectively downloaded 26,000 times, to host redirect scripts that lead victims to credential harvesting pages. The packages exploit npm's public registry and UNPKG's CDN to distribute HTML payloads designed to capture Microsoft credentials. The campaign leverages legitimate infrastructure to create a resilient phishing operation that is difficult to detect and mitigate. The packages do not execute malicious code upon installation, making them harder to identify. The HTML files, disguised as legitimate documents, redirect victims to phishing sites that pre-fill email fields, increasing the likelihood of successful credential theft.

Timeline

  1. 10.10.2025 13:45 1 articles · 5d ago

    175 Malicious npm Packages Used in Credential Phishing Campaign

    A credential phishing campaign, codenamed Beamglea, has been identified using 175 malicious npm packages. These packages, downloaded 26,000 times, exploit npm's public registry and UNPKG's CDN to host redirect scripts that lead victims to credential harvesting pages. The campaign targets over 135 companies in industrial, technology, and energy sectors. The packages do not execute malicious code upon installation, making them harder to detect. The HTML files, disguised as legitimate documents, redirect victims to phishing sites that pre-fill email fields, increasing the likelihood of successful credential theft.

    Show sources
    Open in new tab

Information Snippets