Python-Based Malware Slithers Into Systems via Legit VS Code

October 2, 2024 at 11:24AM
Mustang Panda, a Chinese APT group, is conducting a cyber-espionage campaign via malicious emails and the use of Visual Studio Code (VS Code) to distribute Python-based malware. Its tactics include establishing remote access to infected machines, exfiltrating data, and employing legitimate entities like GitHub for unauthorized access. Organizations are advised …

Fake password manager coding test used to hack Python developers

September 11, 2024 at 05:12PM
North Korean hacker group Lazarus is using a phishing campaign to target Python developers, posing as recruiters and luring them with coding test projects for password management products containing malware. The VMConnect campaign was detected in 2023, and ReversingLabs reports that the malicious projects are hosted on GitHub. Job candidates …

Targeted PyPI Package Steals Google Cloud Credentials from macOS Devs

July 26, 2024 at 04:55PM
Researchers discovered a Python package called “lr-utils-lib” on PyPI, designed to target specific macOS machines and steal Google Cloud Platform credentials. The package conceals malicious code in its setup, posing as a legitimate package, and uses social engineering tactics. The campaign is unique due to its highly targeted nature, posing …

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

May 27, 2024 at 03:54AM
The Pakistan-based Transparent Tribe has been linked to new attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware. The attacks, spanning from late 2023 to April 2024, utilized popular online services for spear-phishing campaigns. The group is known for cyber espionage operations and has experimented with new intrusion …

Over 170K users hit by poisoned Python package ruse

March 25, 2024 at 02:06PM
Over 170,000 users were impacted by a complex attack employing fake Python infrastructure. The attack targeted the Top.gg GitHub organization and other developers, distributing malware-infected Python PyPI packages. This led to data theft from browsers, Discord, and crypto wallets. The attack involved various tactics, including creating clones of popular Python …

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

November 14, 2023 at 07:33AM
Threat actors are targeting publicly accessible Docker Engine API instances to create a DDoS botnet called OracleIV. Attackers exploit the misconfiguration to install a malicious Docker container, which contains Python malware. The container also retrieves a shell script from a command-and-control (C&C) server. Cloud security firm Cado observed no evidence of …