Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer

ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users...

Free Spotify Premium hacks on social media are spreading infostealers

Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We've already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they're being lured with slick...

Malicious Package

Overview terminal-prettier is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious Package

Overview graphbase-js is a malicious package. This package contains malicious code, and its content was not yet removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview bitcoinlibdbfix is a malicious package. This package installs a module that steals sensitive data from its target by overwriting legitimate CLI commands with malicious ones. Remediation Avoid using all malicious instances of the bitcoinlibdbfix package. References - Malicious Package...

New npm Malware Attack Infects Popular Ethereum Library with Backdoor

Security researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new…...

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index PyPI repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain...

Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers

Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which...

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment. Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linki...

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package...

North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository

Three additional rogue Python packages have been discovered in the Package Index PyPI repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from...

Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August...

VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools

By Deeba Ahmed Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI… This is a post from HackRead.com Read the original post: VMCONNECT: Malicious PyPI Package Mimicking Common Python Tools...

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M"...

Partner Perspectives: Notes from the Field: Extending Carbon Black Visibility to Undetected Malware

Daniel LaVoie is a Senior Solutions Specialist at ReversingLabs. On a recent customer visit, I asked the company’s Director of Security Operations how ReversingLabs came to be deployed as a part of their SOC tool set. The answer was quite interesting, and one that I wanted to share with our blog...