Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of an ongoing VMConnect campaign that first came to light in August 2023. There are indications that i
pypi (7)
Recently, security researchers uncovered close to 4,000 unique secrets inside nearly 3,000 PyPI (https://pypi.org) packages and say that more than 760 of these secrets were found to be valid. Overall, the researchers identified 151 individual types of secrets, including AWS, Azure AD, GitHub, Dropbox, and Auth0 keys, credentials for MongoDB, MySQL, and PostgreSQL, and SSH, Coinbase, and Twilio Master credentials.
Valid credentials pose a critical and immediate threat to organizations, as
The campaign, which began at the start of August 2023, revolves around malicious packages impersonating the legitimate noblox.js, a popular Node.js Roblox API wrapper. Roblox developers are being targeted by a new malware called Luna Grabber. The malware is being distributed through malicious npm packages that impersonate legitimate software. Luna Grabber can steal sensitive data from victims’ web browsers, Discord applications, and local system configurations.
The malware was downloaded appr
By monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI (Python Package Index) packages between early February and mid-March of 2023. In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.
The packages in this set were found to be similar:
- py-hydraurlstudy (version 2.37)
- tptoolpywgui (version 10.56)
- libgetrandram (version 7.78)
- esqultraultrapong (version 7.37)
- esqhacke
As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cybercriminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]
A software supply chain a
A new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to researchers. Moloch ransomware is a computer virus infection that encrypts all personal victim files on an affected device and demands a ransom for unlocking them. This file-locking parasite belongs to a relatively small Makop ransomware family compared to others, such as Djvu or Dharma.
EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA
Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines. Investigators are warning of two such packages, ‘ultrarequests’ and ‘pyquest’, that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. PyPI as an index which allows users to search for packages by keywords o