{"id":48799,"date":"2022-10-07T15:12:36","date_gmt":"2022-10-07T15:12:36","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/lofygang-100s-malicious-packages-poison-open-source-software"},"modified":"2022-10-07T15:12:36","modified_gmt":"2022-10-07T15:12:36","slug":"lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/","title":{"rendered":"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The LofyGang threat group is using more than 200 malicious NPM packages with thousands of installations to&nbsp;steal&nbsp;credit card data, and gaming and streaming accounts, before&nbsp;spreading stolen credentials and loot in underground hacking forums.<\/p>\n<p>According to a report from Checkmarx, the cyberattack group&nbsp;has been in operation since 2020, infecting open source supply chains with <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/open-source-code-the-next-major-wave-of-cyberattacks\" target=\"_blank\" rel=\"noopener\">malicious packages<\/a>&nbsp;in an effort to weaponize software applications.<\/p>\n<p>The research team believes the group may have Brazilian origins, owing to the use of Brazilian Portuguese and a file called &#8220;brazil.js.&#8221; which contained malware found in a couple of their malicious packages.<\/p>\n<p>The report also details the group&#8217;s tactic of leaking thousands of Disney+ and Minecraft accounts to an underground hacking community using the alias DyPolarLofy and promoting their hacking tools via GitHub.<\/p>\n<p>&#8220;We saw several classes of malicious payloads, general password stealers, and Discord-specific persistent malware; some were embedded inside the package, and some downloaded the malicious payload during runtime from C2 servers,&#8221; the <a href=\"https:\/\/medium.com\/checkmarx-security\/lofygang-aad0c32d801c\" target=\"_blank\" rel=\"noopener\">Friday report<\/a> noted. <\/p>\n<h2 class=\"regular-text\">LofyGang Operates With Impunity<\/h2>\n<p>The group has deployed tactics including typosquatting, which targets typing mistakes in the open source supply chain, as well as &#8220;StarJacking,&#8221; whereby the package&#8217;s GitHub repo URL is linked to an unrelated legitimate GitHub project.<\/p>\n<p>&#8220;The package managers do not validate the accuracy of this reference, and we see attackers take advantage of that by stating their package&#8217;s Git repository is legitimate and popular, which may trick the victim into thinking this is a legitimate package due to its so-called popularity,&#8221; the report stated. <\/p>\n<p>The ubiquity and success of open source software has made it a ripe target for malicious actors like LofyGang, explains Jossef Harush, head of Checkmarx&#8217;s supply chain security engineering group.<\/p>\n<p>He sees LofyGang&#8217;s key characteristics as including its ability to build a large hacker community, abusing legitimate services as command-and-control (C2) servers, and its efforts in poisoning the open source ecosystem.<\/p>\n<p>This activity continues even after three different reports \u2014 from <a href=\"https:\/\/blog.sonatype.com\/malicious-npm-colors-typosquats-pack-discord-malware\" target=\"_blank\" rel=\"noopener\">Sonatype<\/a>, <a href=\"https:\/\/securelist.com\/lofylife-malicious-npm-packages\/107014\/\" target=\"_blank\" rel=\"noopener\">Securelist<\/a>, and <a href=\"https:\/\/jfrog.com\/blog\/malicious-npm-packages-are-after-your-discord-tokens-17-new-packages-disclosed\" target=\"_blank\" rel=\"noopener\">jFrog<\/a> \u2014 uncovered LofyGang&#8217;s malicious efforts.<\/p>\n<p>&#8220;They remain active and continue to publish malicious packages in the software supply chain arena,&#8221; he says. <\/p>\n<p>By publishing this report, Harush says he hopes to raise awareness of the evolution of attackers, who are now building communities with open source hack tools.<\/p>\n<p>&#8220;Attackers count on victims to not pay enough attention to the details,&#8221; he adds. &#8220;And honestly, even I, with years of experience, would potentially fall for some of those tricks as they seem like legitimate packages to the naked eye.&#8221;<\/p>\n<h2 class=\"regular-text\">Open Source Not Built for Security<\/h2>\n<p>Harush points out that unfortunately the open source ecosystem was not built for security.<\/p>\n<p>&#8220;While anybody can sign up and publish an open source package, no vetting process is in place to check if the package contains malicious code,&#8221; he says. <\/p>\n<p>A recent <a href=\"https:\/\/www.darkreading.com\/application-security\/open-source-software-security-mature\" target=\"_blank\" rel=\"noopener\">report<\/a> from software-security firm Snyk and the Linux Foundation revealed about half of firms have an open source software security policy in place to guide developers in the use of components and frameworks.<\/p>\n<p>However, the report also found that those who have such policies in place generally exhibit better security \u2014 Google is <a href=\"https:\/\/www.darkreading.com\/application-security\/google-cloud-aims-to-share-its-open-source-ecosystem\" target=\"_blank\" rel=\"noopener\">making available<\/a> its process of vetting and patching software for security issues to help close avenues to hackers.<\/p>\n<p>&#8220;We see attackers take advantage of this because it&#8217;s super easy to publish malicious packages,&#8221; he explains. &#8220;The lack of vetting powers in disguising the packages to appear legit with stolen images, similar names, or even referencing other legitimate Git projects&#8217; websites just to see they get the other projects&#8217; stars amount on their malicious packages pages.&#8221;<\/p>\n<h2 class=\"regular-text\">Heading Toward Supply Chain Attacks?<\/h2>\n<p>From Harush&#8217;s perspective, we&#8217;re reaching the point where attackers realize the full potential of the open source supply chain attack surface.<\/p>\n<p>&#8220;I expect open source supply chain attacks to evolve further into attackers aiming to steal not only the victim&#8217;s credit card, but also the victim&#8217;s workplace credentials, such as a GitHub account, and from there, aim for the bigger jackpots of software supply chain attacks,&#8221; he says.<\/p>\n<p>This would include the ability to access a workplace&#8217;s private code repositories, with the capability to contribute code while impersonating the victim, planting backdoors in enterprise grade software, and more. <\/p>\n<p>&#8220;Organizations can protect themselves by properly enforcing their developers with two-factor authentication, educate their software developers to not assume popular open source packages are safe if they appear to have many downloads or stars,&#8221; Harush adds, &#8220;and to be vigilant to suspicious activities in software packages.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/lofygang-100s-malicious-packages-poison-open-source-software\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/lofygang-100s-malicious-packages-poison-open-source-software\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-48799","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-07T15:12:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software\",\"datePublished\":\"2022-10-07T15:12:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/\"},\"wordCount\":770,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt3e2ccbe5ae70353c\\\/628516a123df9062d7421fc0\\\/Open-source_Ivelin_Radkov_Alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/\",\"name\":\"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt3e2ccbe5ae70353c\\\/628516a123df9062d7421fc0\\\/Open-source_Ivelin_Radkov_Alamy.jpg\",\"datePublished\":\"2022-10-07T15:12:36+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt3e2ccbe5ae70353c\\\/628516a123df9062d7421fc0\\\/Open-source_Ivelin_Radkov_Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt3e2ccbe5ae70353c\\\/628516a123df9062d7421fc0\\\/Open-source_Ivelin_Radkov_Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/","og_locale":"en_US","og_type":"article","og_title":"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-10-07T15:12:36+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software","datePublished":"2022-10-07T15:12:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/"},"wordCount":770,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/","url":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/","name":"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg","datePublished":"2022-10-07T15:12:36+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt3e2ccbe5ae70353c\/628516a123df9062d7421fc0\/Open-source_Ivelin_Radkov_Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/lofygang-uses-100s-of-malicious-npm-packages-to-poison-open-source-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48799"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48799\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}