March 25, 2024 at 02:13PM The Top.gg Discord bot community, with over 170,000 members, has been targeted by a supply-chain attack aiming to deliver malware for data theft and monetization. The attacker used various tactics, including hijacking GitHub accounts and distributing malicious Python packages. This campaign compromised user data from various platforms, highlighting the risks … Read more
January 22, 2024 at 07:18AM Cybersecurity researchers have uncovered a new Java-based information stealer, NS-STEALER, which uses a Discord bot to extract sensitive data from compromised systems. The malware disguises itself as cracked software within ZIP archives and exfiltrates data to a Discord Bot channel. The threat actors behind the Chaes malware have released an … Read more
November 9, 2023 at 06:16PM Malicious Python packages masquerading as code obfuscation tools are targeting developers through the PyPI code repository. Known as “BlazeStealer,” the malware can steal data, launch keyloggers, encrypt files, and execute commands. Hackers target developers engaged in code obfuscation due to the valuable and sensitive information they work with. BlazeStealer is … Read more
November 9, 2023 at 09:42AM Malicious Python packages posing as obfuscators are being used to target developers, according to cybersecurity firm Checkmarx. These packages deploy a payload called ‘BlazeStealer’, which allows the attackers to control infected systems and spy on victims. The malware can steal system information, passwords, files, capture screenshots, and even control the … Read more
November 8, 2023 at 08:27AM A set of malicious Python packages, disguised as obfuscation tools, have been discovered on the Python Package Index (PyPI) repository. The packages contain a malware called BlazeStealer, which allows attackers to gain control over compromised systems. The campaign began in January 2023 and includes eight packages. The malware can steal … Read more