Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that...

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials. Telemetry collected during this investigation indicates the activity aligns with a broader cluster...

Malicious code in pytarlooko (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6dddca319cc76ce2f8951f40c21b31bf4a25775212cc5339063154c7aecf052f Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

Malicious code in some_crucial_web_app_new (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ccdfaaee4aea58e70c939bbfb4ebf1b0e2bf0cd4ce9918422a25e37c7ac59071 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...