- Seven malicious npm packages were published by one threat actor between September and November 2025.
- The threat actor used a cloaking service named Adspect to distinguish real victims from security researchers.
- These packages redirect victims to suspicious crypto-themed websites.
- The packages were attributed to a threat actor going by “dino_reborn”.
Between September and November 2025, Cybersecurity researchers identified seven malicious npm packages published by a single threat actor. These packages were linked to the user “dino_reborn” and are designed to redirect users to questionable crypto-related websites.
The threat actor employs a cloaking service called Adspect, which helps differentiate between genuine victims and security researchers investigating the packages. This selective targeting enhances the chances of deceiving real users while avoiding detection. Npm packages are collections of code published on the Node Package Manager platform, commonly used for software development.
The discovery highlights the increasing use of sophisticated techniques like cloaking to distribute malicious content. By filtering visitors based on their identity, attackers improve their chances of successfully executing scams that target cryptocurrency users.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Europe Eyes Shared Dollar Fund to Reduce Fed Reliance
- Mastercard Launches Username Crypto Transfers on Polygon Network
- Microsoft Thwarts Record 15.72 Tbps IoT Botnet DDoS Attack
- Crypto Market Hits $3.2T; Only 10% of Assets Generate Yield
- AI Bubble, Rate Worries Rattle Wall St; S&P 500, Nasdaq Tumble Hard
