Found 4 bookmarks
Custom sorting
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
#phylum#EN#2024#AWS#fake#Supply-chain-attack#npm#package#registry#JPEG
·blog.phylum.io·
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Persistent npm Campaign Shipping Trojanized jQuery
Persistent npm Campaign Shipping Trojanized jQuery
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery
#phylum#EN#2024#Trojanized#jQuery#Supply-chain-attack#npm
·blog.phylum.io·
Persistent npm Campaign Shipping Trojanized jQuery
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.
#norfolkinfosec#EN#2024#NPM#packages#Phlyum#malware#North-Korea#phyton#payloads
·norfolkinfosec.com·
North Korea’s Post-Infection Python Payloads – One Night in Norfolk