A Checkmarx analysis details a large typosquatting campaign targeting Python’s top packages that drops Windows malware hosted on GitHub and uses a domain-generation algorithm for C2. The operation also includes DDoS capabilities, anti-sandbox tricks, and persi…
Tag: SUPPLY CHAIN
Sonatype uncovered secretslib, a PyPI package that masquerades as a secrets-management library but secretly runs an in-memory Linux cryptominer, a technique used by fileless malware. The incident also involved identity impersonation of a real Argonne National …
Iron Tiger’s operation against Mimi chat installers shows a supply chain compromise delivering HyperBro on Windows and rshell on macOS/Linux across multiple targets. The campaign spans three major platforms, uses code obfuscation, and establishes C2 communicat…
VirusTotal’s Deception at scale report analyzes how malware abuses trust by hiding in legitimate installers, signing certificates, and masquerading as popular applications to deliver malicious payloads. It highlights social engineering trends and practical tec…
ReversingLabs uncovered a widespread npm software supply chain attack where malicious JavaScript packages were published to steal form data from apps and websites. The campaign used typosquatting to impersonate legitimate…
ThreatLabz has tracked a voicemail-themed credential phishing campaign since May 2022 targeting US-based organizations across multiple verticals to steal Office365 and Outlook credentials. The operation shows overlap with a 2020 voicemail campaign and uses tar…
Sonatype researchers detected a malicious Python package named “pymafka” on PyPI that typosquats the popular library PyKafka and delivers a Cobalt Strike beacon across Windows, macOS, and Linux. The package downloads platform-specific payloads from external IP…
CrateDepression is a Rust crate supply-chain attack targeting Rust developers and GitLab CI pipelines, using a typosquatted dependency (rustdecimal) to drop a second-stage Go-based payload built on Mythic Poseidon. The campaign could enable larger-scale supply…
JFrog Security researchers uncovered a highly targeted npm supply chain attack aimed at German-based companies, using fake npm maintainers to host malicious packages that deliver a sophisticated backdoor payload. The operation appears to involve dependency con…
SentinelLabs describes AcidRain, an ELF MIPS wiper that targets modems and routers to overwrite flash storage, in the context of the KA-SAT outage tied to the Russia-Ukraine conflict. The report also notes potential overlaps with VPNFilter/Sandworm activity an…
Purple Fox is a long-standing threat that has evolved with a new arrival vector and early access loaders, distributing trojanized installers masquerading as legitimate apps. This campaign expands the botnet by introducing new payloads, including a FatalRAT var…
Mandiant ties a campaign that uses SEO poisoning to distribute BATLOADER and ATERA Agent to techniques disclosed after a CONTI ransomware affiliate leak in August 2021. The report also provides extensive indicators, a YARA rule, and a MITRE ATT&CK mapping span…