Malicious code in blank-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 96f1bcd77950a6cd42af11d0d4fb4ba3d58349cfde6236027341c044e152bfeb This is an infostealer, based on Blank Grabber. It's used as dependency in other malicious packages --- Category: MALICIOUS - The campaign has clearly maliciou...

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. "This incident highlights the alarming ease with which threat actors can launch supply chain attack...

Python’s Poisoned Package: Another ‘Blank Grabber’ Malware in PyPI

Python Package Index PyPI is a platform that offers an extensive range of packages to simplify and enhance the development process. Malicious actors regularly upload phishing packages in the platform’s repository aimed at delivering malware to steal the victims information, or more frequently, to...

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality. The package in question is node-hide-console-windows, which mimics the legitimate npm package...