175 Malicious npm Packages: A Comedy of Credential Errors!

Cybersecurity researchers have detected 175 malicious npm packages in a phishing campaign named Beamglea, targeting over 135 companies. These packages, downloaded 26,000 times, abuse npm and UNPKG as hosting infrastructure for credential harvesting. Installing the packages runs no malicious code, so developers see no threat; the victims are the recipients of the lure files, who are redirected to phishing sites. The campaign highlights the evolving tactics of threat actors.


Hot Take:

Who knew that the npm registry was moonlighting as a phishing assistant? It’s like finding out your friendly neighborhood cat is actually masterminding a global credential-harvesting campaign. Hold on to your keyboards, developers – it’s getting wild out there!

Key Points:

  • 175 malicious npm packages acting as infrastructure for a phishing campaign named Beamglea.
  • Packages have been downloaded 26,000 times, targeting over 135 companies globally.
  • Packages use npm’s public registry and unpkg.com’s CDN to host redirect scripts.
  • HTML files masquerade as legitimate documents to redirect victims to phishing sites.
  • Attack leverages npm and UNPKG without direct malicious execution upon installation.
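The key points above describe the lure shape: an HTML "document" with almost no real content that pulls a redirect script from a public npm CDN. The following Node.js snippet is an added example, not code from the article or from the researchers' report, showing how a mail gateway or incident responder could triage such attachments with that shape in mind. The CDN host list, the sample HTML and the package name `example-redirect-pkg` are constructed for this example and are not indicators from the campaign.

```javascript
// Added example (not from the original article): triage heuristics for HTML
// attachments that masquerade as documents but only load an external script
// from an npm CDN such as unpkg.com. Runs offline on the constructed samples below.

const SCRIPT_SRC_RE = /<script[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
// Assumption: hosts a reviewer would treat as "npm-backed CDN"; extend as needed.
const NPM_CDN_HOSTS = new Set(["unpkg.com", "cdn.jsdelivr.net"]);
const META_REFRESH_RE = /<meta[^>]*http-equiv\s*=\s*["']refresh["']/i;
const LOCATION_RE = /(window|document|top)\.location(\.href)?\s*=|location\.(replace|assign)\s*\(/i;

// Collect absolute http(s) script sources; relative or malformed src values are ignored.
function externalScripts(html) {
  const out = [];
  for (const m of html.matchAll(SCRIPT_SRC_RE)) {
    try {
      const u = new URL(m[1]);
      if (u.protocol === "http:" || u.protocol === "https:") out.push(u);
    } catch {
      // not an absolute URL, so not an external script
    }
  }
  return out;
}

// Rough measure of what the recipient would actually see after tags are removed.
function visibleTextLength(html) {
  return html
    .replace(/<script[\s\S]*?<\/script>/gi, "")
    .replace(/<style[\s\S]*?<\/style>/gi, "")
    .replace(/<[^>]+>/g, "")
    .replace(/\s+/g, " ")
    .trim().length;
}

// Returns the individual findings plus a verdict; a single CDN reference is
// normal for real web pages, so we require at least two signals to flag.
function triageHtmlLure(html) {
  const findings = [];
  const scripts = externalScripts(html);
  const cdnScripts = scripts.filter((u) => NPM_CDN_HOSTS.has(u.hostname));
  if (cdnScripts.length) {
    findings.push(`loads script from npm CDN: ${cdnScripts.map((u) => u.href).join(", ")}`);
  }
  if (META_REFRESH_RE.test(html)) findings.push("meta refresh redirect");
  if (LOCATION_RE.test(html)) findings.push("inline location redirect");
  const text = visibleTextLength(html);
  if (scripts.length && text < 200) {
    findings.push(`almost no visible content (${text} chars) but loads an external script`);
  }
  return {
    suspicious: findings.length >= 2,
    findings,
    cdnScripts: cdnScripts.map((u) => u.href),
  };
}

// Constructed sample: a "document" whose only payload is a CDN-hosted script.
// The package name is a placeholder, not a real or observed package.
const SAMPLE_LURE = `<!DOCTYPE html><html><head><title>Purchase Order</title>
<script src="https://unpkg.com/example-redirect-pkg@1.0.0/redirect.js"></script>
</head><body><p>Loading document...</p></body></html>`;

// Constructed sample: a real document that happens to use unpkg for a library.
const SAMPLE_BENIGN = `<!DOCTYPE html><html><head><title>Q3 Report</title></head><body>
<h1>Quarterly report</h1><p>${"Revenue grew in all regions. ".repeat(10)}</p>
<script src="https://unpkg.com/react@18/umd/react.production.min.js"></script>
</body></html>`;

console.log("lure:", JSON.stringify(triageHtmlLure(SAMPLE_LURE), null, 2));
console.log("benign:", JSON.stringify(triageHtmlLure(SAMPLE_BENIGN), null, 2));
```

The benign sample shows why the verdict needs two signals: plenty of legitimate pages load libraries from unpkg, so the CDN reference alone is logged as a finding but does not flag the file. The combination of a CDN script and a near-empty body is what matches the lures described above, and a meta refresh or inline location assignment adds a further signal when the redirect is not hidden inside the remote script.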

The Nimble Nerd