FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

By Newsroom — February 20th 2024 at 12:30
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were each downloaded 537 and 166 times, respectively,
☐ ☆ ✇ The Hacker News

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

By Newsroom — October 31st 2023 at 12:04
Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment. Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linking it to a host of rogue NuGet packages that were observed delivering a remote access trojan called
☐ ☆ ✇ The Hacker News

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

By Newsroom — October 4th 2023 at 11:16
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package node-hide-console-window in what's an instance of a typosquatting campaign. It was downloaded 704
☐ ☆ ✇ The Hacker News

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

By THN — August 31st 2023 at 12:46
Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro. First disclosed at the
☐ ☆ ✇ The Hacker News

Malicious PyPI Packages Using Compiled Python Code to Bypass Detection

By Ravie Lakshmanan — June 1st 2023 at 12:16
Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools. "It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed," ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News. The package
☐ ☆ ✇ The Hacker News

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

By Ravie Lakshmanan — December 19th 2022 at 18:05
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen
❌