188 matches found

OSSF Malicious Packages
added 2024/07/09 12:8 a.m., 4 views

Malicious code in noblox-ts (npm)

This package is considered malicious because it contains a heavily obfuscated postinstall.js script with multiple stages of payload execution, resulting in the delivery of QuasarRAT. This allows command and control by a malicious actor.

7 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2024/03/31 2:28 p.m., 4 views

Malicious code in bugsnagmw (npm)

The package bugsnagmw npm version 1.0.3 contains malicious code. The code was obfuscated to avoid detection. The malicious code is designed to steal sensitive information from the user's environment and send it to a remote server. See...

7 AI score
Exploits 0
GithubExploit
added 2024/03/31 10:45 a.m., 55 views

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094: CVE-2024-3094 is a critical security vulnerabili...

10 CVSS, 7.2 AI score, 0.85058 EPSS
Exploits 38
Securelist
added 2023/12/13 10:0 a.m., 9 views

FakeSG campaign, Akira ransomware and AMOS macOS stealer

Introduction: The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platfo...

7.1 AI score
Exploits 0
Malwarebytes
added 2023/04/24 3:0 a.m., 20 views

Adult content malvertising scheme leads to clickjacking

Malwarebytes researchers have found a malvertising scheme that leads to clickjacking. Clickjacking is a form of ad fraud which is also referred to as click fraud or click spam. It is a practice performed by certain dubious advertising networks, where they sometimes use automated programs--from...

6.6 AI score
Exploits 0
The Hacker News
added 2023/03/24 1:40 p.m., 89 views

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and...

7.1 AI score
Exploits 0
Malwarebytes
added 2023/03/22 2:0 p.m., 76 views

New Kritec Magecart skimmer found on Magento stores

Threat actors often compete for the same resources, and this couldn't be further from the truth when it comes to website compromises. After all, if a vulnerability exists one can expect that it will be exploited more than once. In the past, we have seen such occurrences with Magecart threat actor...

6.6 AI score
Exploits 0
The Hacker News
added 2023/02/10 4:44 p.m., 57 views

Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages

Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs...

7.6 AI score
Exploits 0
Snyk
added 2023/02/10 9:5 a.m., 1 views

Malicious Package

Overview: certifie is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in __init__.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
Snyk
added 2023/02/10 9:5 a.m., 1 views

Malicious Package

Overview: awsclii is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in __init__.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass impo...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
Snyk
added 2023/02/10 9:5 a.m., 1 views

Malicious Package

Overview: cerifi is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in __init__.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass impor...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
Snyk
added 2023/02/10 9:5 a.m., 2 views

Malicious Package

Overview: b3oto3 is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in __init__.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass impor...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
Snyk
added 2023/02/10 9:5 a.m., 2 views

Malicious Package

Overview: certife is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in __init__.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass impo...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
Snyk
added 2023/02/10 9:5 a.m., 1 views

Malicious Package

Overview: certifiee is a malicious package. It attempts typosquatting popular packages. The malicious script is base64 obfuscated located in __init__.py file and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior python import getpass...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
Malwarebytes
added 2022/12/20 6:0 a.m., 15 views

Adult popunder campaign used in mainstream ad fraud scheme

This blog post was authored by Jerome Segura. Online advertising is a multi billion dollar industry with projected spending to reach over 600 billion U.S. dollars for 2022. It's not surprising that criminals are trying their hardest to abuse this ecosystem in any way that they can. One of the...

6.9 AI score
Exploits 0
CNNVD
added 2022/12/14 12:0 a.m., 1 views

MCPMappingViewer path traversal vulnerability

MCPMappingViewer is a small GUI for viewing the mapping from Minecraft obfuscated code names to MCP code names. A path traversal vulnerability exists in MCPMappingViewer. An attacker could use this vulnerability to perform incorrect operations to obtain sensitive information in file directories...

9.8 CVSS, 8.4 AI score, 0.00789 EPSS
Exploits 0, References 3
Snyk
added 2022/11/18 8:14 a.m., 2 views

Malicious Package

Overview: firefoxupdate is a malicious package. This is a "dependency confusion" package, which means the package name is based on existing repositories, namespaces, or components. It aims to trick users into downloading the package which contains obfuscated malicious code and initiates connection...

9.8 CVSS, 7.5 AI score
Exploits 0, References 2
The Hacker News
added 2022/09/29 12:0 p.m., 39 views

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...

0.7 AI score
Exploits 0
Malwarebytes
added 2022/07/06 2:11 p.m., 22 views

IconBurst software supply chain attack offers malicious versions of NPM packages

Researchers discovered evidence of a widespread software supply chain attack involving malicious Javascript packages offered via the npm package manager. The threat actors behind the IconBurst campaign used typosquatting to mislead developers looking for very popular packages. npm npm is short fo...

Exploits 0
The Hacker News
added 2022/05/21 5:11 a.m., 61 views

Researchers Find Backdoor in School Management Plugin for WordPress

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out o...

1.1 AI score, 0.93495 EPSS
Exploits 6