#OpenSourceAbuse

Clever ‘GitHub Scanner’ campaign abusing repos to push malware

by

September 19, 2024 at 07:10AM A malicious threat campaign is using GitHub repositories to distribute malware. The campaign targets users who are part of an open source project or subscribe to email notifications from it. Malicious GitHub users create false “security vulnerability” issues to spread malware. From the meeting notes, it appears that a threat … Read more

Hackers Target Python Developers with Fake “Crytic-Compilers” Package on PyPI

by

June 6, 2024 at 02:24AM A malicious Python package called crytic-compilers was discovered on the Python Package Index, posing as a legitimate library named crytic-compile. It was designed to deliver an information stealer called Lumma. Additionally, more than 300 WordPress sites have been compromised with malicious Google Chrome update pop-ups, leading to the deployment of … Read more