3 matches found
Malicious code in apple-pki-cert-validator (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
Malicious code in auto-backup-linux (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e6f1fce241db64e9804a2eee083721b8374a2f27d8f4f2c51ce77a8e7687c61e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...
Malicious code in assisting-threading (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 33605e5f943eacd5d5ab7a4c37625226e2ef072f2fd3dac068b169d58ba1c2c9 Infostealer exfiltrating cookies, history and passwords from the Google Chrome browser, as well as attempting to do a webcam photo. Data are sent to a Discord...