Phishing Campaign Beamglea Targets Industrial Firms

Cyber Security News by CyberSum.net
Socket’s Threat Research Team has uncovered a sprawling phishing campaign dubbed 'Beamglea' that leverages 175 malicious npm packages with over 26,000 downloads. These packages redirect victims to credential-harvesting pages and target over 135 industrial, technology, and energy companies. The campaign uses npm’s public registry and unpkg.com’s CDN to host redirect scripts, which are embedded in HTML lures themed as purchase orders or project documents. The JavaScript payload runs when the HTML file is opened and appends the victim’s email address to the URL fragment, the part after `#`, which the browser does not send to the server and which therefore does not appear in server logs. Automated tooling written in Python streamlines package generation and publication. Defenders are advised to treat any detection of the campaign’s IOCs as an active breach and to implement immediate and long-term mitigations.
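The following triage sketch is an added example, not code from Socket's report or from the campaign. It extracts the unpkg.com package references from an HTML attachment and shows why the email address in a URL fragment is missing from server and proxy logs. It assumes the lure loads its script through a `<script src>` tag; the package name, version and landing URL are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

CDN_HOST = "unpkg.com"  # CDN named in the report
# Constructed samples: placeholder package name/version and landing URL.
SAMPLE_LURE = """<html><head><title>Purchase Order</title>
<script src="https://unpkg.com/example-placeholder-pkg@1.0.0/index.js"></script>
</head><body>Loading document...</body></html>"""
SAMPLE_LANDING = "https://login.example.invalid/signin#user@example.com"


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src.strip())


def unpkg_script_refs(html_text):
    """Return (package, version, path) for each script loaded from unpkg.com."""
    collector = ScriptSrcCollector()
    collector.feed(html_text)
    refs = []
    for src in collector.sources:
        url = urlsplit(src)  # also handles protocol-relative //unpkg.com/...
        parts = url.path.lstrip("/").split("/")
        if (url.hostname or "").lower() != CDN_HOST or not parts[0]:
            continue
        n = 2 if parts[0].startswith("@") else 1  # scoped names span two segments
        spec, path = "/".join(parts[:n]), "/".join(parts[n:])
        name, sep, version = spec.rpartition("@")
        if not sep or not name:  # no version pinned in the URL
            name, version = spec, ""
        refs.append((name, version, path))
    return refs


def logged_request_target(url):
    """Return what a server or proxy log records: path and query, never the fragment."""
    u = urlsplit(url)
    return (u.path or "/") + ("?" + u.query if u.query else "")


if __name__ == "__main__":
    print(unpkg_script_refs(SAMPLE_LURE), logged_request_target(SAMPLE_LANDING))
```

Because the fragment never reaches the server, evidence of which mailbox was targeted has to come from the attachment itself or from endpoint and mail-gateway telemetry rather than from web logs.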