13 matches found
Malicious code in chalk-ultra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...
Malicious code in ing-feat-itsme-oidc-authentication (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 175d0dba1f70bc84bcd4e29b57e0f7831248582614cd146af7d1ea6d1d057cd5 On npm install, package.json's preinstall hook executes poc.js, which collects os.hostname, os.userInfo.username, process.cwd, and process.platform,...
Malicious code in pgrayy-wasmtime (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7c9cfd90d6de2acd86d50019dfa4a2b140ac9246fdcbae8d7aaa3d17bd4af6e The distribution is published as pgrayy-wasmtime but its toplevel.txt declares the top-level import name as wasmtime, and the entire Python source tr...
Malicious Package
Overview dev-log-core is a malicious package. This package is the part of North Korea’s Contagious Interview Campaign and contains malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and the...
Malicious Package
Overview apachelicense is a malicious package. This package is the part of North Korea’s Contagious Interview Campaign and contains malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and the...
Malicious Package
Overview license-utils-kit is a malicious package. This package is the part of North Korea’s Contagious Interview Campaign and contains malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and...
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a...
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy , which is assessed to share overla...
Malicious Package
Overview claudeai-eng is a malicious package. This package mimics a tool for working with Claude, silently exfiltrating data and compromising developer environments. Remediation Avoid using all malicious instances of the claudeai-eng package. References - Vulnerability Report Credit: Leonid...
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Introduction In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular...
New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
By Waqas Bifrost RAT, also known as Bifrose, was originally identified two decades ago in 2004. This is a post from HackRead.com Read the original post: New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain...
Xenomorph banking Trojan downloaded over 50,000 times from Play Store
Besides the name of the creature that “stars” in the Alien movies by 20th Century Fox, Xenomorph is also the name given to an Android banking Trojan. Researchers found this banking Trojan to be distributed on the official Google Play Store, with more than 50,000 installations. The researchers...
netbus-version NSE Script
Extends version detection to detect NetBuster, a honeypot service that mimes NetBus. Example Usage nmap -sV -p 12345 --script netbus-version Script Output 12345/tcp open netbus Netbuster honeypot Requires nmap shortport stdnse local nmap = require "nmap" local shortport = require "shortport" loca...