pypi (6)

Recently, security researchers have uncovered close to 4,000 unique secrets inside nearly 3,000 PyPI packages (https://pypi.org) and say that more than 760 of these secrets were found to be valid. Overall, the researchers identified 151 individual types of secrets, including AWS, Azure AD, GitHub, Dropbox, and Auth0 keys, credentials for MongoDB, MySQL, and PostgreSQL, and SSH, Coinbase, and Twilio Master credentials.

Valid credentials pose a critical and immediate threat to organizations, as

The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js, a popular Node.js Roblox API wrapper. Roblox developers are being targeted by a new malware called Luna Grabber. The malware is being distributed through malicious npm packages that impersonate legitimate software. Luna Grabber can steal sensitive data from victims' web browsers, Discord applications, and local system configurations.

The malware was downloaded appr

By monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI packages (Python Package Index) between early February and mid-March of 2023. In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.

The packages in this set were found to be similar:

  • py-hydraurlstudy (version 2.37)
  • tptoolpywgui (version 10.56)
  • libgetrandram (version 7.78)
  • esqultraultrapong (version 7.37)
  • esqhacke

As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cyber criminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]

A software supply chain a

A new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to researchers. Moloch ransomware is a computer virus infection that encrypts all personal victim files on an affected device and demands a ransom for unlocking them. This file-locking parasite belongs to a relatively small Makop ransomware family compared to others, such as Djvu or Dharma.

EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA

Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims' machines. Investigators are warning of two such packages, 'ultrarequests' and 'pyquest', that were masquerading as 'requests', a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. PyPI as an index which allows users to search for packages by keywords o