Short Summary:
The CryptoAITools malware campaign targets cryptocurrency enthusiasts through a malicious Python package and deceptive GitHub repositories. This multi-stage malware aims to steal sensitive data and drain crypto wallets …
A few hours ago, the Python Package Index (PyPI) suspended new project creation and new user registration to mitigate an ongoing malware upload campaign.
The research team of Checkmarx simultaneously …
Key Points
Attackers often utilize Telegram bots to extract victims’ data. Monitoring an attacker’s communication can provide valuable information. It is possible to forward messages from an attacker’s bot to…
A cybersecurity researcher, delving into the depths of a malicious Python package, suddenly finds themselves in the crosshairs of the very hacker they were tracking. What starts as a pursuit …
Key Points
For nearly half a year, a threat actor has been planting malicious Python packages into the open-source repository. Many of the malicious packages were camouflaged with names closely…
In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number …
Key Points
Throughout September 2023, an attacker executed a targeted campaign via PyPI to draw developers using Alibaba cloud services, AWS, and Telegram to their malicious packages. Rather than performing…
What Happened?
In July 2023, our scanners detected nontypical commits to hundreds of GitHub repositories that appear to be contributed by Dependabot and carry malicious code. Those commit messages were fabricated…
In the battle of hackers against defenders, we consistently find hackers trying to disguise their true intent. We have analyzed an interesting sample that was armed with multiple layers of …
In May, we sounded the alarm about PYTA31, an advanced persistent threat actor distributing the “WhiteSnake” malware. Since then, we’ve been rigorously monitoring this group, which has been active from April …
The highly popular NuGet package, Moq, with total downloads of 475M+, released new versions 4.20.0 and 4.20.1 on August 8th with a new sub-dependency that has hidden executable code that reads the user’s local …
Just like Hollywood has its own celebrities and well-known actors, the world of malicious open-source packages also has its own notorious players. And just like Hollywood stars, these threat actors …
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”.
This attack group has been operating for over a year with multiple hacking …