Found 36 bookmarks
Custom sorting
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures," Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.
#thehackernews#EN#2024#Malicious#NPM#Packages#Roblox
·thehackernews.com·
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Fake AWS Packages Ship Command and Control Malware In JPEG Files
On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed
#phylum#EN#2024#AWS#fake#Supply-chain-attack#npm#package#registry#JPEG
·blog.phylum.io·
Fake AWS Packages Ship Command and Control Malware In JPEG Files
Persistent npm Campaign Shipping Trojanized jQuery
Persistent npm Campaign Shipping Trojanized jQuery
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery
#phylum#EN#2024#Trojanized#jQuery#Supply-chain-attack#npm
·blog.phylum.io·
Persistent npm Campaign Shipping Trojanized jQuery
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
Throughout the past few months, several publications have written about a North Korean threat actor group’s use of NPM packages to deploy malware to developers and other unsuspecting victims. This blog post provides additional details regarding the second and third-stage malware in these attacks, which these publications have only covered in limited detail.
#norfolkinfosec#EN#2024#NPM#packages#Phlyum#malware#North-Korea#phyton#payloads
·norfolkinfosec.com·
North Korea’s Post-Infection Python Payloads – One Night in Norfolk
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to
#phylum#EN#2023#npm#Reverse#Shell#Supply-chain-attack
·blog.phylum.io·
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
Developers in the cryptocurrency sphere are being targeted once again, as yet another threat actor has been exposed. This user has been publishing malicious NPM packages with the purpose of exfiltrating sensitive data such as source code and configuration files from the victim’s machines. The threat actor behind this campaign has been linked to malicious activity dating back to 2021. Since then, they have continuously published malicious code.
#checkmarx#EN#2023#malicious#NPM#Supply-chain-security
·checkmarx.com·
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.
#thehackernews#EN#2022#node-ipc#developer#cyberwar#NPM#supplychain#sabotage#CVE-2022-23812
·thehackernews.com·
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion