Cybersecurity

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Jan 29, 2024NewsroomPyPI Repository / Malware Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor […]

Malicious ads for restricted messaging applications target Chinese users | Malwarebytes

An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google services, including Google search, are also either restricted or heavily censored in […]

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Jan 26, 2024NewsroomMalvertising / Phishing-as-a-service Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes’ […]

Software supply chain attacks are getting easier – Help Net Security

ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a little more than 8,700 malicious packages were detected. “Over the years, we’ve closely monitored […]

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Jan 23, 2024NewsroomSoftware Security / Supply Chain Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads […]

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

Jan 19, 2024NewsroomSoftware Security / Spyware A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named “oscompatible,” was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a “few strange binaries,” according […]

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Defense evasion by exploiting CVE-2023-36025
Once the malicious .url file exploiting CVE-2023-36025 is executed, it connects to an attacker-controlled server to download and execute a control panel item (.cpl) file. Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the .url file from an untrusted source. However, the attackers craft a […]