148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation

Continue reading
You're right. That reads like notes, not a cybersecurity feed. A good threat intelligence feed should flow as a narrative while remaining scannable.
Here's a version with stronger hierarchy, cleaner formatting, and minimal bulleting:
Researchers at JFrog have uncovered 148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation, the campaign targeted end users, silently transforming visitors' browsers into nodes of a distributed DDoS botnet.
This marks a notable shift in software supply chain abuse, where the npm ecosystem was leveraged primarily as a distribution channel instead of an initial infection vector.
The packages advertised themselves as proxy applications designed to help students bypass institutional network restrictions. Once deployed as websites, they loaded hidden JavaScript that established persistent connections with attacker-controlled infrastructure.
Instead of executing malicious code during `npm install`, the payload was delivered only when users visited the hosted applications, allowing the attackers to recruit browser sessions into a browser-native botnet.
The campaign remained active for approximately two weeks before researchers observed the DDoS functionality being disabled.
Unlike conventional npm supply chain attacks that aim to steal developer credentials, cryptocurrency wallets, or CI/CD secrets, this operation weaponized website visitors.
No malware installation was required.
No elevated privileges were needed.
A browser tab alone became sufficient to contribute bandwidth and compute resources toward distributed denial-of-service attacks.
That significantly reduces the visibility of traditional endpoint security tools while enabling attackers to scale their infrastructure with minimal operational cost.
Although the active DDoS functionality has since been removed, researchers found that the packages still reference a mutable remote code branch.
This architectural decision means the operators can reintroduce malicious functionality remotely without publishing a new npm version, leaving anyone who continues hosting these projects exposed to future payload updates.
Organizations should treat this incident as another reminder that supply chain risk extends well beyond installation-time malware.
Review JavaScript projects for dynamically loaded remote code, continuously audit third-party dependencies, enforce integrity verification wherever possible, and monitor publicly exposed web applications for unexpected outbound communications.
The campaign also reinforces an emerging trend: attackers are increasingly exploiting the trust placed in open-source ecosystems to compromise users further downstream, rather than focusing exclusively on developers.
This is much closer to the style used by feeds like BleepingComputer, The Hacker News, RedDrip, vx-underground, or Horizon3, where the content reads like a concise intelligence brief rather than a list of bullets.

A security researcher demonstrated how three patched OpenClaw vulnerabilities can be chained from a WhatsApp message to achieve credential theft, sandbox escape, and host-level code execution, exposing architectural risks in AI agents.