Evolving NPM Package Campaign Targets Roblox Devs, For Years

September 3, 2024 at 12:17PM Malicious npm packages mimicking “noblox.js” are targeting Roblox developers, stealing Discord tokens and system data, and deploying additional payloads. Checkmarx researchers highlighted the campaign’s use of social engineering tactics like brandjacking and starjacking to appear legitimate. The malware also incorporates novel tactics, such as adding the QuasarRAT and manipulating the … Read more

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

April 23, 2024 at 03:52PM Hackers are exploiting unpublished GitHub and GitLab comments to create convincing phishing links from legitimate open source software projects. They secretly add malware to a repository and obtain a shareable link, even if the comment is deleted. This flaw affects millions of users and can damage the credibility of the … Read more