PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

November 25, 2024 at 10:00AM The Python Package Index (PyPI) has quarantined the malicious “aiocpa” package, which was updated to exfiltrate private keys via Telegram. Originally released in September 2024 and downloaded 12,100 times, the malicious code was hidden in an obfuscated script. This incident underscores the need for thorough source code scanning. **Meeting Takeaways: … Read more

Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor

October 22, 2024 at 06:18AM Cybersecurity researchers identified suspicious npm registry packages designed to steal Ethereum private keys and gain SSH access to victim machines. These packages impersonate legitimate libraries, requiring developers to use them to trigger malware. Previous similar attacks included a malicious package that exfiltrated keys to a server in China. ### Meeting … Read more

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

June 3, 2024 at 10:25AM Cybersecurity researchers found a suspicious package in the npm registry called glup-debugger-log, disguising as a toolkit logger. It has been downloaded 175 times and contains obfuscated files deploying a remote access trojan. The package uses a series of checks before launching a JavaScript file for persistence and executing arbitrary commands. … Read more

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

April 12, 2024 at 11:39AM XZ Utils backdoor test files were found in liblzma-sys, impacting version 0.3.2, but have since been removed in version 0.3.3. The backdoor allowed remote code execution through SSH and was attributed to a social engineering campaign targeting open-source projects. Multiple organizations have warned of the sophisticated methods used and emphasized … Read more

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

February 29, 2024 at 03:33AM North Korean hackers, Lazarus, uploaded four malware-containing packages to PyPI repository, collectively downloaded 3,269 times. The packages, now removed, targeted Python developers by capitalizing on typos during installation. The attack mirrors Phylum’s discovery of rogue npm packages targeting developers. Both campaigns conceal malicious code within test scripts. JPCERT/CC urges caution … Read more

North Korean Hackers Targeting Developers with Malicious npm Packages

February 26, 2024 at 07:39AM Fake npm packages linked to North Korean state-sponsored actors were discovered on the Node.js repository, posing a software supply chain attack. The malicious packages, posing as legitimate ones, installed cryptocurrency and credential stealers. The attackers made efforts to conceal the code and made connections to North Korean threat actors. Vigilance … Read more

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

February 23, 2024 at 12:45PM A dormant package on PyPI, django-log-tracker, was updated after two years to introduce the Nova Sentinel information stealer malware. The update, detected on Feb 21, 2024, suggests a compromise of the PyPI account. The malicious update contained an executable file for the malware. The attack was an attempted supply-chain attack … Read more