14 matches found
MAL-2026-4707 Malicious code in vue-compiler-sfc-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c320320435358c109567ef3776ced079a2196b831b583b66c87323ddf402bae9 Package name and README impersonate the official @vue/compiler-sfc package; index.js merely re-exports it. The npm postinstall hook runs...
MAL-2026-2472 Malicious code in strapi-plugin-nordica-api (npm)
strapi-plugin-nordica-api is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. "The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems' positions by scanning nearby Wi-Fi access points as a da...
South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau
Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean...
ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,...
APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat APT actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observ...
Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks VPNs to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said. According to security analysts...
Network Security Monitoring vs Supply Chain Backdoors
On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according t...
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware
Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques. The hacking group used a piece of advanced malware—dubbed Slingshot—to infect hundreds of...
Judy Android Malware Infects Over 36.5 Million Google Play Store Users
Security researchers have claimed to have discovered possibly the largest malware campaign on Google Play Store that has already infected around 36.5 million Android devices with malicious ad-click software. The security firm Checkpoint on Thursday published a blog post revealing more than 41...
Pwned by Vpon
Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor be it the app developer or the SDK creator to remotely...
Months After A Patch, Targeted Attacks Still Using Adobe Flash Bug
More than three months after it was patched, attackers are still using a vulnerability in Adobe’s Flash product in targeted, ‘APT-style’ attacks. The vulnerability, identified as CVE-2012-0754 was patched in February and linked to targeted attacks weeks later. But new attacks targeting unpatched...
New Malware Found Exploiting Mac OS X Snow Leopard
Many Mac users recently have found themselves stumbling out of the darkness, shielding their eyes from the spotlight that attackers and malware writers are now shining on them. Malware having been a rarity on OS X, it’s taking some time to adjust, but while that’s happening the attackers are busy...
Ongoing Targeted Attack Campaign Going After Defense, Aerospace Industries
Researchers have identified a strain of malware that’s being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the...