Summary:

ReversingLabs researchers have identified a rising trend of malicious activities targeting the VSCode Marketplace, particularly through npm packages. This shift highlights the vulnerability of development environments and the need for stringent security measures to prevent supply chain attacks. #Malware #SupplyChainAttack #CyberSecurity

Key points:

ReversingLabs has expanded its threat hunting to the VSCode Marketplace, revealing increasing malicious activities.…

Summary: On December 4, a malicious version of the AI library ultralytics was released on PyPI, containing code that downloaded the XMRig coinminer. The compromise was due to a GitHub Actions script injection, leading to a supply chain attack that affected millions of users. Despite attempts to rectify the issue, a subsequent version also contained malicious code before a clean version was finally released.…

Summary: Malware targeting public repositories like npm, PyPI, and others has become increasingly prevalent, with malicious packages often published by new accounts. Recent incidents, such as the compromise of the @lottiefiles/lottie-player package, highlight the risks of supply chain attacks. These attacks can occur even in established packages, emphasizing the need for secure development practices and regular security assessments to mitigate risks.…


In recent years, ReversingLabs researchers have made it a priority to monitor public, open source repositories for malicious packages that may lurk on them. The number and frequency of malicious packages have increased steadily as malicious actors turn to software supply chains for an easy route into hundreds, thousands or even tens of thousands of protected IT environments. …


ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is it an open source supply chain threat? Kind of. Further investigation by our team uncovered the fact that the downloader and wipers were created by a cybersecurity pro doing “red team” penetration testing of a client’s SOC. …


In the last few years, there has been a dramatic rise (1300%) in supply chain attacks across multiple public repositories. ReversingLabs’ researchers have been monitoring them daily to detect malicious packages. After packages are detected, the team notifies the administrators of these public repositories and encourages them to take the offending packages down if they are still up.…


ReversingLabs researchers have observed a clear trend in which open-source platforms and code have become the stage for a growing and diverse range of malicious activity and campaigns. This trend includes hosting malicious command-and-control (C2) infrastructure, storing stolen data, and delivering second- and third-stage malware including downloaders and rootkit programs.…


The use of public services as command-and-control (C2) infrastructure isn’t a revolutionary technique for malicious actors. ReversingLabs has observed such behavior in several malware campaigns throughout the last few years.

Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive and Discord to host second stage malware and sidestep detection tools.…


Newly discovered open source software packages on the npm platform contain scripts that broadcast peace messages related to ongoing conflicts in Ukraine and in the Gaza Strip when they are deployed, according to research conducted by ReversingLabs.

The packages are just the latest examples of so-called “protestware,” a recurrent issue in the open source software ecosystem in which application developers conceal political messages inside open source code, often designing it to display to the user after an application is installed or when it is executed.…


ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot that facilitated the planting of an open source rootkit, r77.

This is the first time ReversingLabs researchers have discovered a malicious open source package delivering rootkit functionality, and suggests that open source projects may increasingly be seen as an avenue by which to distribute malware. …


More than a week after it suffered a crippling ransomware attack, the hotel giant MGM is struggling to recover. The attack, linked to the ransomware-as-a-service (RaaS) group known as ALPHV, or BlackCat, caused slot machines and ATMs in MGM’s Las Vegas hotels to go dark and forced hotel staff to revert to pencil and paper while guests queued for hours in lines to check in and out of their rooms. …


Security teams are well aware of the growing problem of software supply chain attacks, but it’s essential that organizations stay abreast of the various threats posed to software supply chains.

One of the pain points that organizations need to learn more about and defend against is malicious campaigns found on open-source software repositories.…
