The Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims. These include the Top.gg GitHub organization (a community of over 170k users) and several individual developers. The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious
python (6)
The cloud hack tool scene is highly intertwined, with many tools relying on one another’s code. This is particularly true for malware families like AlienFox, Greenbot, Legion, and Predator, which share code from a credential scraping module called Androxgh0st. Analysts identified a tool that is related but distinct from these families. FBot is a Python-based attack tool with features to target web servers and cloud services as well as Software-as-a-Service (SaaS) technologies, including:
- Ama
Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files. We’ll give an overview here on what the term “partial encryption” means. It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate. From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part
By monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI packages (Python Package Index) between early February and mid-March of 2023. In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.
The packages in this set were found to be similar:
- py-hydraurlstudy (version 2.37)
- tptoolpywgui (version 10.56)
- libgetrandram (version 7.78)
- esqultraultrapong (version 7.37)
- esqhacke
Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines. Investigators are warning of two such packages ‘ultrarequests’ and ‘pyquest’ that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. PyPI as an index which allows users to search for packages by keywords o
An adversary known for targeting the Financial Cyber Sector, at least since 2018, has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1] This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, and credentials for trading software/platforms, customer credit card information, and proof of address/identity documents, and other sensitive information. The group is suspected of offering APT style hacker-for-hire services to o
