HackerFeeds

CyberSecurity News

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

The Hacker News
· July 14, 2026

AI summary

Researchers at JFrog discovered a campaign involving 148 npm packages that were disguised as student web proxies. These packages were used to turn visitors' browsers into a distributed denial-of-service botnet for about two weeks in May. The packages did not target developers who might install them, instead they were used to host a booby-trapped proxy site. The operators of the campaign relied on students visiting the site to bypass restrictions, unknowingly participating in the botnet. The campaign used the npm registry as free hosting for the proxy site. The botnet was active for a relatively short period of time, roughly two weeks.

Read the full article at The Hacker Newsthehackernews.com/2026/07/148-npm-packages-disguised-as-student.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.