September 3, 2024 at 12:17PM Malicious npm packages mimicking “noblox.js” are targeting Roblox developers, stealing Discord tokens and system data, and deploying additional payloads. Checkmarx researchers highlighted the campaign’s use of social engineering tactics like brandjacking and starjacking to appear legitimate. The malware also incorporates novel tactics, such as adding the QuasarRAT and manipulating the … Read more
August 1, 2024 at 03:47PM Malicious Python packages were added to the PyPI repository and promoted via the StackExchange platform. The code was harmful and posed a threat to users’ systems. Based on the meeting notes, it appears that threat actors have uploaded malicious Python packages to the PyPI repository and promoted them through the … Read more
July 16, 2024 at 06:19AM Cybersecurity researchers discovered two malicious packages on the npm registry containing backdoor code for executing commands from a remote server. The packages, disguised as legitimate libraries, were taken down after being downloaded 190 and 48 times. The code was designed to execute disguised command and control functionality hidden in image … Read more
July 11, 2024 at 11:49AM Threat actors have launched a new wave of malicious packages on the NuGet package manager, using a sophisticated approach to evade detection. The 60 fresh packages demonstrate a refined strategy, employing IL weaving to inject malicious functionality into legitimate .NET binaries. The end goal is to deliver a remote access … Read more
June 6, 2024 at 02:24AM A malicious Python package called crytic-compilers was discovered on the Python Package Index, posing as a legitimate library named crytic-compile. It was designed to deliver an information stealer called Lumma. Additionally, more than 300 WordPress sites have been compromised with malicious Google Chrome update pop-ups, leading to the deployment of … Read more
March 26, 2024 at 01:33PM Threat hunters have flagged the suspicious “SqzrFramework480” package in NuGet, possibly linked to Chinese firm Bozhon Precision. The package contains a DLL file with features for taking screenshots, pinging a remote IP, and transmitting screenshots over a socket. While motives remain unclear, it highlights the risk of concealed malicious code … Read more
March 12, 2024 at 08:27AM Threat hunters have discovered a set of seven malicious packages on PyPI, targeting cryptocurrency wallets by stealing BIP39 mnemonic phrases. The campaign codenamed BIPClip has been active since December 2022 and has raised concerns about supply chain attacks on crypto assets. The attackers have been careful in crafting the packages … Read more
March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in … Read more
February 26, 2024 at 07:39AM Fake npm packages linked to North Korean state-sponsored actors were discovered on the Node.js repository, posing a software supply chain attack. The malicious packages, posing as legitimate ones, installed cryptocurrency and credential stealers. The attackers made efforts to conceal the code and made connections to North Korean threat actors. Vigilance … Read more
January 23, 2024 at 01:05PM Two malicious npm packages, warbeast2000 and kodiak2k, leveraged GitHub to store stolen Base64-encrypted SSH keys. They were discovered and taken down after attracting 412 and 1,281 downloads. The modules run a postinstall script to execute JavaScript files, potentially compromising security. The incident highlights ongoing supply chain security threats. Some key … Read more