Found 56 bookmarks
Custom sorting
Python Crypto Library Updated to Steal Private Keys
Python Crypto Library Updated to Steal Private Keys
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean
#phylum#EN#2024#Python#Crypto#Library#PyPI#malicious#code#aiocpa#Supply-chain-attack
·blog.phylum.io·
Python Crypto Library Updated to Steal Private Keys
MacOS X Malware Development
MacOS X Malware Development
In today’s post, We’ll explore the process of designing and developing malware for macOS, which is a Unix-based operating system. We’ll use a classic approach to understanding Apple’s internals. To follow along, you should have a basic understanding of exploitation, as well as knowledge of C and Python programming, and some familiarity with low-level assembly language. While the topics may be advanced, I’ll do my best to present them smoothly.
#0xf00sec#EN#2024#MacOS#Malware#Development#process#Python#technique
·0xf00sec.github.io·
MacOS X Malware Development
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Python’s e-mail libraries smtplib, imaplib, and poplib do not verify server certificates unless a proper SSL context is passed to the API. This leads to security problems.
#pentagrid#EN#Python#e-mail#libraries#smtplib#imaplib#poplib#SSL#insecure#analysis
·pentagrid.ch·
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
Python obfuscation traps
Python obfuscation traps
In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.
#checkmarx#EN#2023#Python#obfuscation#Supply-chain-attack
·checkmarx.com·
Python obfuscation traps
The evolutionary tale of a persistent Python threat 
The evolutionary tale of a persistent Python threat 
Since early April 2023, an attacker has been relentlessly deploying hundreds of malicious packages through various usernames, accumulating nearly 75,000 downloads. Our team at Checkmarx’s Supply Chain Security has been on this malicious actor’s trail since early April, documenting each step of its evolution. We have been actively observing an attacker who seems to be evermore refining their craft. 
#checkmarx#EN#2023#Supply-chain-attack#malicious#packages#Python
·checkmarx.com·
The evolutionary tale of a persistent Python threat 
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.
#netskope#EN#2023#analysis#Python#NodeStealer#Facebook#Credentials#Login
·netskope.com·
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials