Search cyberveille.decio.ch

Found 7 bookmarks

Custom sorting

Using Trusted Protocols Against You: Gmail as a C2 Mechanism...

Socket’s Threat Research Team uncovered malicious Python packages designed to create a tunnel via Gmail. The threat actor’s email is the only potential clue as to their motivation, but once the tunnel is created, the threat actor can exfiltrate data or execute commands that we may not know about through these packages. These seven packages: Coffin-Codes-Pro Coffin-Codes-NET2 Coffin-Codes-NET Coffin-Codes-2022 Coffin2022 Coffin-Grave cfc-bsb use Gmail, making these attempts less likely to be flagged by firewalls and endpoint detection systems since SMTP is commonly treated as legitimate traffic. These packages have since been removed from the Python Package Index (PyPI).

#socket.dev #EN #2025 #supply-chain-attack #PyPI #Python #packages #malicious #Gmail #tunnel

·socket.dev·May 2, 2025

Using Trusted Protocols Against You: Gmail as a C2 Mechanism...

Python Crypto Library Updated to Steal Private Keys

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

#phylum #EN #2024 #Python #Crypto #Library #PyPI #malicious #code #aiocpa #Supply-chain-attack

·blog.phylum.io·Nov 29, 2024

Python Crypto Library Updated to Steal Private Keys

Iraq-based cybercriminals deploy malicious Python packages to steal data

An information-stealing script embedded in a Python package on the popular repository PyPI appears to be connected to a cybercriminal operation based in Iraq, according to researchers at Checkmarx.

#therecord.media #EN #2024 #PyPI #Python #Infostealer #Supply-chain-attack

·therecord.media·Jul 18, 2024

Iraq-based cybercriminals deploy malicious Python packages to steal data

Over 170K users hit by poisoned Python package ruse

Supply chain attack targeted GitHub community of Top.gg Discord server

#theregister #EN #2024 #Top.gg #GitHub #Supply-chain-attack #Python

·theregister.com·Mar 25, 2024

Over 170K users hit by poisoned Python package ruse

Python obfuscation traps

In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.

#checkmarx #EN #2023 #Python #obfuscation #Supply-chain-attack

·checkmarx.com·Nov 8, 2023

Python obfuscation traps

The evolutionary tale of a persistent Python threat 

Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft.

#checkmarx #EN #2023 #Supply-chain-attack #malicious #packages #Python

·checkmarx.com·Oct 5, 2023

The evolutionary tale of a persistent Python threat 

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild

Follow security researchers as they uncover malicious packages on open-source registries, trace bad actors to Discord, and unveil AI-assisted code.

#hackernoon #EN #2023 #python #PyPI #Supply-Chain-Attack #ChatGPT

·hackernoon.com·May 3, 2023

Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild