Summary:
The Socket research team has uncovered a sophisticated malware campaign utilizing Ethereum smart contracts for command and control, marking a significant evolution in supply chain attacks targeting the npm ecosystem. This innovative approach makes traditional detection methods ineffective, as attackers leverage blockchain technology to maintain persistent control over their malware.…
Author: SocketDev
Summary:
The Socket Research Team has uncovered a malicious Python package named “fabrice” that is typosquatting the legitimate “fabric” SSH automation library. This package has been silently exfiltrating AWS credentials since 2021, with over 37,000 downloads. It employs various techniques to execute malicious actions on both Linux and Windows systems, highlighting the risks associated with using open source software.…
Summary:
This article discusses a newly discovered malware that disguises itself as a WhatsApp Web client, capable of deleting files while masquerading within trusted authentication processes. The malware employs a multi-stage attack, utilizing data exfiltration and a destructive payload to compromise systems. Its stealthy approach highlights the risks associated with messaging platforms and the importance of scrutinizing third-party packages.…
Summary:
In October 2024, a significant npm malware campaign was uncovered, utilizing Ethereum smart contracts for decentralized control and evading detection. The threat actor, known as “_lain,” orchestrated a botnet named “MisakaNetwork,” exploiting typosquatting and postinstall scripts to compromise developers’ systems. This campaign poses serious risks to the software supply chain, highlighting vulnerabilities within the npm ecosystem.…