Japan Blames North Korea for PyPI Supply Chain Cyberattack

March 10, 2024 at 08:02PM
Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in …

North Korean Hackers Targeting Developers with Malicious npm Packages

February 26, 2024 at 07:39AM
Fake npm packages linked to North Korean state-sponsored actors were discovered on the Node.js repository, posing a software supply chain attack. The malicious packages, posing as legitimate ones, installed cryptocurrency and credential stealers. The attackers made efforts to conceal the code and made connections to North Korean threat actors. Vigilance …

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

January 23, 2024 at 01:05PM
Two malicious npm packages, warbeast2000 and kodiak2k, leveraged GitHub to store stolen Base64-encoded SSH keys. They were discovered and taken down after attracting 412 and 1,281 downloads. The modules run a postinstall script to execute JavaScript files, potentially compromising security. The incident highlights ongoing supply chain security threats. Some key …

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

January 4, 2024 at 06:24AM
Three new malicious packages discovered in the Python Package Index (PyPI) repository can deploy a cryptocurrency miner on affected Linux devices. The packages, modularseven, driftme, and catme, attracted 431 downloads before being removed. They conceal their payload, deploy a CoinMiner executable, and persistently exploit devices, evading detection and security software. …

‘BlazeStealer’ Malware Delivered to Python Developers Looking for Obfuscation Tools

November 9, 2023 at 09:42AM
Malicious Python packages posing as obfuscators are being used to target developers, according to cybersecurity firm Checkmarx. These packages deploy a payload called ‘BlazeStealer’, which allows the attackers to control infected systems and spy on victims. The malware can steal system information, passwords, files, capture screenshots, and even control the …

Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

November 1, 2023 at 08:49AM
Threat actors are continuously publishing malicious NuGet packages as part of an ongoing campaign, exploiting code execution capabilities. The campaign, which began in August, has seen hundreds of malicious packages placed in the NuGet repository. The threat actors adapt their tactics, utilizing typosquatting and placing malicious functionality in .targets files …

Malicious NuGet packages abuse MSBuild to install malware

October 31, 2023 at 10:29AM
A new NuGet typosquatting campaign has been discovered that uses malicious packages to exploit Visual Studio’s MSBuild integration and install malware. This campaign targets Windows users and is the first documented case of threat actors leveraging this feature in malicious NuGet packages. The attackers continually refine their techniques, with earlier …

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

October 31, 2023 at 08:18AM
Malicious packages have been discovered on the NuGet package manager, deployed using a lesser-known method. The campaign, ongoing since August 2023, involves rogue packages delivering the SeroXen RAT remote access trojan. The threat actors behind the campaign are persistent, continuously publishing new malicious packages. The packages imitate popular ones and …