27 matches found
MAL-2026-6678 Malicious code in ts-linting-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...
Malicious code in vitest-globals (npm)
The package 'vitest-globals' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.co...
MAL-2025-49090 Malicious code in quantum-packages (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 144aa1474c1b5043966e321c81c29f0fae41f764e0948ee5491baa14a08563b1 The package quantum-packages was found to contain malicious code. Source: ghsa-malware 615e247f6ecd82d6ec0aacb0855b7a222aef75c2834a024b3b99ee38c2e7fb...
Malicious code in node-cron-master (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae251f427512a885e950ac70e8039b90f8ef6d22e8393886461f599805dc0688 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
HEUR.Trojan.Win32.Generic Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a6916fb9b824e3d2edfe46be69ca2501.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Permissions Description: The malware creates an di...
Police Have Disrupted the Emotet Botnet
A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are...
Smominru Botnet Indiscriminately Hacked Over 90,000 Computers Just Last Month
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous...
Microsoft Says Fireball Malware Threat 'Overblown'
Check Point has ramped down its projections on the impact of the recently disclosed Fireball malware after Microsoft called its initial numbers into question. Details on Fireball were published June 1 by Check Point, which said the malware was the work of a Chinese digital marketing agency called...
MSRT November 2016: Unwanted software has nowhere to hide in this month’s release
We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level. Rootkit capabilities, which make it...
Machines Infected by Locker Ransomware Decrypted
Update: Computers infected by the Locker crypto-ransomware were today decrypted as promised by the malware’s author, who last week posted the decryption keys to an upload site and apologized for releasing the malware. Lawrence Abrams of Bleeping Computer said the infected computers were decrypted...
Illegal Online Marketplaces Booming
A complete bundle of personal information hackers require to steal identities is available on the underground for as little as $25. The data, known as Fullz in underground parlance, includes name, address, phone number, date of birth, Social Security or EIN numbers, email address with password an...
Skype Malware Stealing Victims' Processing Power to Mine Bitcoins
Bitcoin may still be a virtual unknown quantity for most people, but the digital currency has not escaped the notice of attackers, many of whom are turning their attention to finding ways to use the system for their own gains. The attacks against Bitcoin exchange Mt. Gox and hack of Instawallet...
Botnet Operation for Dummies
Are you a self-starter with little or no technical skills looking to join the rapidly expanding, ethically dubious cybercrime industry? If you answered yes to this question, then the do-it-yourself, HTTP-based botnet profiled on Webroot by Dancho Danchev may be just the opportunity you’ve been...
Researchers Release Detection Tool For Gauss Malware's Palida Narrow Font
One of the many mysteries around the discovery of the Gauss malware is why the tool installs a new font called Palida Narrow on infected machines. Researchers have been unable to figure out yet what the purpose of the font is, but as its presence on a PC is a good indicator of a Gauss infection,...
Alleged Mariposa Botmaster in Court
One of the men authorities allege to have been behind the massive–and now dead–Mariposa botnet, has gone on trial in Slovenia, more than two years after the initial arrests and takedown of the network. Mariposa was one of the first handful of botnets that authorities and security researchers work...
Authorities Renew Campaign to Disinfect Computers Before July 9
With a deadline to pull surrogate servers extended, the FBI has launched a new campaign to prevent up to 350,000 computer users from losing Internet access this summer – including those tied to Fortune 500 companies and government agencies like NASA. Over the weekend, news media outlets began...
Apple, Following Microsoft's Lead, Plans to Disable Flashback Botnet
Apple, which usually doesn’t get involved much in security issues outside of issuing patches when needed, said it is working with internet service providers around the world to disable the Flashback botnet’s command and control servers. Flashback exploits a security flaw in Java, Apple explains,...
Researchers Confirm 600K-Strong Flashback Botnet Is Mostly Mac
Kaspersky Lab researchers say that analysis of the Flashfake botnet confirms the size of the malicious network and that it consists mostly of Mac OS X machines. Researchers at Kaspersky wrote on Friday that they were able to reverse engineer the domain generation algorithm used by the botnet, the...
Questions Abound On Size and Makeup of Flashback Botnet
The botnet assembled by the Flashback Trojan that’s been infecting Macs in recent months is turning out to be a rather difficult one to pin down. Researchers have said that the network of compromised machines may be upwards of 600,000, while newere estimates say that it’s more likely in the...
Flashback Mac Trojan Hits More than 500K Machines
The Flashback Trojan that has been infecting Mac OSX machines of late appears to have become the most successful piece of Mac-based malware in the short history of such things. Researchers say that there have been upwards of 500,000 Macs infected by the malware, and that number may still rise...