Found 11 bookmarks
Custom sorting
Python Crypto Library Updated to Steal Private Keys
Python Crypto Library Updated to Steal Private Keys
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
#phylum#EN#2024#Python#Crypto#Library#PyPI#malicious#code#aiocpa#Supply-chain-attack
·blog.phylum.io·
Python Crypto Library Updated to Steal Private Keys
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
#phylum#EN#2024#AWS#fake#Supply-chain-attack#npm#package#registry#JPEG
·blog.phylum.io·
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Persistent npm Campaign Shipping Trojanized jQuery
Persistent npm Campaign Shipping Trojanized jQuery
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery
#phylum#EN#2024#Trojanized#jQuery#Supply-chain-attack#npm
·blog.phylum.io·
Persistent npm Campaign Shipping Trojanized jQuery
Malicious Go Binary Delivered via Steganography in PyPI
Malicious Go Binary Delivered via Steganography in PyPI
On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into
#phylum#EN#2024#Steganography#macOS#Go
·blog.phylum.io·
Malicious Go Binary Delivered via Steganography in PyPI
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to
#phylum#EN#2023#npm#Reverse#Shell#Supply-chain-attack
·blog.phylum.io·
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell