Malicious PyPI package with 37,000 downloads steals AWS keys

November 9, 2024 at 03:12PM A malicious Python package, ‘fabrice,’ has been available on PyPI since 2021, stealing AWS credentials from developers. Downloaded over 37,000 times through typosquatting the legitimate ‘fabric,’ it executes OS-specific scripts for credential theft, exfiltrating them to a VPN server. Users are advised to verify packages and implement IAM for protection. … Read more

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

November 7, 2024 at 05:04AM A malicious package named “fabrice” on PyPI has stealthily stolen AWS credentials from developers for over three years, with over 37,100 downloads. It exploits trust in the legitimate library “fabric,” using various payloads to execute attacks on both Linux and Windows systems, facilitating credential theft. … Read more

Ongoing typosquatting campaign impersonates hundreds of popular npm packages

November 5, 2024 at 11:32AM A typosquatting campaign is targeting developers through similar-named malicious JavaScript npm packages, leading to info-stealing malware. Originating in October, it employs Ethereum smart contracts for command and control, complicating detection. Researchers emphasize the need for stricter package management and authentication to protect development environments from these attacks. Here are the … Read more

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

November 5, 2024 at 01:45AM A campaign targeting npm developers employs hundreds of typosquat packages to install cross-platform malware, utilizing Ethereum smart contracts for command-and-control. This approach complicates detection and takedown efforts, highlighting vulnerabilities in the open-source ecosystem. The attacker may be Russian-speaking. The campaign underscores the need for developer vigilance when downloading packages. … Read more

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

September 6, 2024 at 11:45AM Threat actors use typosquatting to deceive users into accessing malicious sites or downloading compromised software. They exploit typing errors in open-source repositories like PyPI, npm, and GitHub Actions to introduce supply chain attacks. Cloud security firm Orca’s findings reveal the vulnerability of even trusted platforms like GitHub Actions. Users are … Read more

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

July 20, 2024 at 01:30PM CrowdStrike’s flawed Windows update led to a global IT disruption, exploited by threat actors to distribute Remcos RAT to Latin American customers using a disguised hotfix. The attack involves a ZIP file containing a malware loader and Spanish instructions, targeting CrowdStrike’s Latin America-based customers. Malicious actors are also setting up … Read more

‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts

June 19, 2024 at 01:29PM A phishing-as-a-service operation is targeting financial firms using advanced tactics such as 2FA bypass, QR codes, and typosquatting to compromise Microsoft 365 accounts. The origin of the campaign was traced to a platform called ONNX Store, which operates through Telegram bots. Countermeasures include blocking unverified PDF and HTML attachments, implementing … Read more

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

April 18, 2024 at 01:10AM A new malvertising campaign abusing Google Ads uses multiple fake domains to distribute the backdoor “MadMxShell,” targeting users searching for IP scanning and IT management software. The Windows backdoor is distributed through JavaScript code and DLL side-loading, using DNS MX queries for command-and-control. The threat actor’s origins and motivations are currently … Read more

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

March 29, 2024 at 02:09AM The Python Package Index (PyPI) temporarily halted new user sign-ups due to an influx of malicious projects aimed at developers. Threat actors used typosquatting to upload deceptive versions of popular packages, targeting sensitive data and crypto wallets. Over 500 suspicious packages were uploaded within days, highlighting the increasing risk of … Read more

Typosquatting Wave Shows No Signs of Abating

March 11, 2024 at 05:26PM The practice of typosquatting involves using look-alike websites and domain names to deceive users, often relying on human errors to capture victims. Attackers are continuously improving their tactics, making it difficult to detect these fraudulent domains and messages. Various industries have fallen victim to typosquatting, prompting experts to emphasize the … Read more