Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds

December 5, 2024 at 06:16PM Compromised versions of the @solana/web3.js JavaScript library were distributed via npm, allowing attackers to insert malicious code and steal private keys. The breach affected users during a specific timeframe, resulting in an estimated loss of $130K. Two affected versions have since been unpublished, and investigations are ongoing.
### Meeting Takeaways …

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

November 22, 2024 at 05:08PM Two malicious Python packages falsely marketed as tools for ChatGPT and Claude contained an infostealer named “JarkaStealer.” Designed to lure developers, they masqueraded as legitimate APIs but ultimately compromised users’ data. Over 1,700 downloads occurred before the packages were removed following discovery by Kaspersky researchers. Here are the key takeaways …

Swiss cheesed off as postal service used to spread malware

November 16, 2024 at 02:16AM Switzerland’s NCSC warned citizens about malware spread through fake letters from the Federal Office of Meteorology, promoting a dangerous “Severe Weather Warning App.” The app, a malicious imitation of Alertswiss, contains the Coper trojan, targeting banking credentials. This method of delivery via postal service is unprecedented, indicating targeted spear-phishing efforts. …

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

November 14, 2024 at 06:47AM A new zero-day vulnerability in Windows has been exploited by Russia, allowing execution through file deletion, drag-and-drop actions, or right-click commands.
**Meeting Takeaways:**
1. **Zero-Day Vulnerability**: A new zero-day vulnerability in Windows has been identified.
2. **Exploit Execution**:
   – The exploit can be executed through specific user actions, including:
   – …

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

November 7, 2024 at 05:04AM A malicious package named “fabrice” on PyPI has stealthily stolen AWS credentials from developers for over three years, with over 37,100 downloads. It exploits trust in the legitimate library “fabric,” using various payloads to execute attacks on both Linux and Windows systems, facilitating credential theft.
### Meeting Takeaways – Nov …

Android Banking Trojan ToxicPanda Targets Europe

November 7, 2024 at 04:47AM ToxicPanda, an Android banking trojan with connections to China, is currently targeting more than a dozen banks across Europe and Latin America.
### Meeting Notes Takeaways
– **Subject**: ToxicPanda Android Banking Trojan
– **Origin**: Linked to China
– **Targeted Regions**:
  – Europe
  – Latin America
– **Impact**: Affects over a …

SharpRhino malware targets IT admins – Hunters International gang suspected

August 7, 2024 at 01:37AM Hunters International, a ransomware-as-a-service gang suspected of rebranding from the Hive crew, has been targeting network admins with malware disguised as Angry IP Scanner. The group’s use of double extortion attacks and rise to the top ten most detected ransomware mobs has positioned them as a significant threat, having been …

Fake CrowdStrike repair manual pushes new infostealer malware

July 23, 2024 at 10:36AM CrowdStrike warns of new malware, Daolpu, falsely distributed as a Windows recovery tool after the recent problems with a Falcon update. This stealer targets account credentials and browser data from Chrome, Edge, Firefox, and Cốc Cốc. Attackers use malicious document macros to trigger the malware. CrowdStrike advises vigilance against phishing and …

New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

July 11, 2024 at 06:39AM A new email phishing campaign targeting Spanish-speaking victims has been delivering a remote access trojan called Poco RAT since February 2024. The attacks primarily target the mining, manufacturing, hospitality, and utilities sectors. The malware uses tactics such as finance-themed lures and abuse of legitimate services to evade detection. Additionally, the article …

Software Productivity Tools Hijacked to Deliver Infostealers

July 4, 2024 at 09:10AM Conceptworld Corporation, an India-based software company, was found to be distributing information-stealing malware with its software products. Researchers from Rapid7 discovered that the installation packages of its tools Notezilla, RecentX, and Copywhiz had been Trojanized. Although the malicious installers have been replaced, users were unknowingly exposed to the dllFake malware, capable of …