Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 3
54 résultats taggé Supply-chain-attack  ✕
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload https://socket.dev/blog/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload
06/05/2025 11:23:41
QRCode
archive.org
thumbnail

Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.

The Go ecosystem, valued for its simplicity, transparency, and flexibility, has exploded in popularity. With over 2 million modules available, developers rely heavily on public repositories like GitHub. However, this openness is precisely what attackers exploit.

No Central Gatekeeping: Developers freely source modules directly from GitHub repositories, trusting the naming conventions implicitly.
Prime Target for Typosquatting: Minimal namespace validation enables attackers to masquerade malicious modules as popular libraries.
Introduction: The Silent Threat#
In April 2025, we detected an attack involving three malicious Go modules which employ similar obfuscation techniques:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
Despite appearing legitimate, these modules contained highly obfuscated code designed to fetch and execute remote payloads. Socket’s scanners flagged the suspicious behaviors, leading us to a deeper investigation.

socket.dev EN 2025 Wipeout github Payload GO research Developers supply-chain-attack
Linux wiper malware hidden in malicious Go modules on GitHub https://www.bleepingcomputer.com/news/security/linux-wiper-malware-hidden-in-malicious-go-modules-on-github/
06/05/2025 11:21:38
QRCode
archive.org
thumbnail

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.

The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them.

Complete disk destruction
The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named done.sh, runs a ‘dd’ command for the file-wiping activity.

Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute.

An analysis from supply-chain security company Socket shows that the command overwrites with zeroes every byte of data, leading to irreversible data loss and system failure.

The target is the primary storage volume, /dev/sda, that holds critical system data, user files, databases, and configurations.

“By populating the entire disk with zeros, the script completely destroys the file system structure, operating system, and all user data, rendering the system unbootable and unrecoverable” - Socket

The researchers discovered the attack in April and identified three Go modules on GitHub, that have since been removed from the platform:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy

bleepingcomputer EN 2025 Data-Wiper GitHub Golang Linux Server supply-chain-attack
Using Trusted Protocols Against You: Gmail as a C2 Mechanism... https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism
02/05/2025 11:40:53
QRCode
archive.org
thumbnail

Socket’s Threat Research Team uncovered malicious Python packages designed to create a tunnel via Gmail. The threat actor’s email is the only potential clue as to their motivation, but once the tunnel is created, the threat actor can exfiltrate data or execute commands that we may not know about through these packages. These seven packages:

Coffin-Codes-Pro
Coffin-Codes-NET2
Coffin-Codes-NET
Coffin-Codes-2022
Coffin2022
Coffin-Grave
cfc-bsb
use Gmail, making these attempts less likely to be flagged by firewalls and endpoint detection systems since SMTP is commonly treated as legitimate traffic.

These packages have since been removed from the Python Package Index (PyPI).

socket.dev EN 2025 supply-chain-attack PyPI Python packages malicious Gmail tunnel
JFrog Detects Malicious PyPi package Stealing Crypto Tokens https://jfrog.com/blog/malicious-pypi-package-hijacks-mexc-orders-steals-crypto-tokens/
24/04/2025 13:45:24
QRCode
archive.org
thumbnail

Learn how JFrog detected a malicious package that steals MEXC credentials and crypto trading tokens to buy and sell futures on crypto trading platforms.

JFrog EN 2025 PyPi MEXC credentials stealer malicious ccxt-mexc-futures supply-chain-attack
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
23/04/2025 09:14:52
QRCode
archive.org
thumbnail

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

aikido.dev EN 2025 XPRL NPM package compromised backdoor cryptocurrency supply-chain-attack
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors https://socket.dev/blog/npm-malware-targets-telegram-bot-developers
21/04/2025 09:18:28
QRCode
archive.org
thumbnail

Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.

socket.dev EN 2025 Telegram bot libraries SSH backdoors npm Supply-Chain-Attack
The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks
11/04/2025 08:59:58
QRCode
archive.org
thumbnail

Slopsquatting is a new supply chain threat where AI-assisted code generators recommend hallucinated packages that attackers register and weaponize.

Slopsquatting EN 2025 Slopsquatting Supply-Chain-Attack
Large enterprises scramble after supply-chain attack spills their secrets https://arstechnica.com/information-technology/2025/03/supply-chain-attack-exposing-credentials-affects-23k-users-of-tj-actions/
23/03/2025 17:20:58
QRCode
archive.org
thumbnail

tj-actions/changed-files corrupted to run credential-stealing memory scraper.

arstechnica EN 2025 tj-actions/changed-files Supply-Chain-Attack Tj-actions
Microsoft spots XCSSET macOS malware variant used for crypto theft https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/
18/02/2025 15:37:22
QRCode
archive.org
thumbnail

A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app.

bleepingcomputer EN 2025 Apple Malware Supply-Chain-Attack Xcode XCSSET Security
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
10/02/2025 13:40:08
QRCode
archive.org
thumbnail

The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines - and then abandoned.

Naturally, we registered them, just to see what would happen - “how many people are really trying to request software updates from S3 buckets that appear to have been abandoned months or even years ago?”, we naively thought to ourselves.

watchtowr EN 2025 Amazon S3 buckets Supply-Chain-Attack
Go Module Mirror served backdoor to devs for 3+ years - Ars Technica https://arstechnica.com/security/2025/02/backdoored-package-in-go-mirror-site-went-unnoticed-for-3-years/
10/02/2025 13:29:43
QRCode
archive.org
thumbnail

Supply chain attack targets developers using the Go programming language.

arstechnica EN 2025 Go Module Mirror backdoor Supply-Chain-Attack
New details reveal how hackers hijacked 35 Google Chrome extensions https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/
02/01/2025 10:47:03
QRCode
archive.org
thumbnail

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.

bleepingcomputer EN 2024 Chrome-extension Cyberhaven Data-Theft Facebook OAuth Phishing Supply-Chain-Attack
A new playground: Malicious campaigns proliferate from VSCode to npm https://www.reversinglabs.com/blog/a-new-playground-malicious-campaigns-proliferate-from-vscode-to-npm
20/12/2024 09:27:08
QRCode
archive.org
thumbnail

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

reversinglabs EN 2024 Malicious VSCode npm Supply-Chain-Attack
Supply Chain Attack on Rspack npm Packages Injects Cryptojac... https://socket.dev/blog/rspack-supply-chain-attack
20/12/2024 09:12:54
QRCode
archive.org
thumbnail

A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.

socket.dev EN 2024 Supply-Chain-Attack Rspack malware npm
zizmor would have caught the Ultralytics workflow vulnerability https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection
08/12/2024 15:42:01
QRCode
archive.org
thumbnail

TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.

yossarian EN 2024 Supply-Chain-Attack zizmor Ultralytics vulnerability workflow
Ultralytics AI model hijacked to infect thousands with cryptominer https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/
08/12/2024 15:40:38
QRCode
archive.org
thumbnail

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)  

bleepingcomputer EN 2024 Artificial-Intelligence Open-Source Supply-Chain Supply-Chain-Attack Ultralytics
Python Crypto Library Updated to Steal Private Keys https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/
29/11/2024 23:18:25
QRCode
archive.org
thumbnail

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

phylum EN 2024 Python Crypto Library PyPI malicious code aiocpa Supply-chain-attack
Triad Nexus: Silent Push exposes FUNNULL CDN hosting DGA domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a polyfill.io supply chain attack impacting 110,000+ sites https://www.silentpush.com/blog/triad-nexus-funnull/
25/10/2024 08:59:33
QRCode
archive.org
thumbnail

Key findings Executive summary Background Join the Silent Push Community Sign up for a free Silent Push Community account FUNNULL and fake trading apps FUNNULL’s CDN, rising up from corrupted soil Additional hostname analysis FUNNULL CNAME chains An in-depth look at FUNNULL’s corporate brand Suncity Group connections Suncity Group-related infrastructure accounted for more than 6,500

silentpush EN 2024 FUNNULL CDN Polyfill.io Supply-chain-attack
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites https://techcrunch.com/2024/10/22/researchers-link-polyfill-supply-chain-attack-to-huge-network-of-copycat-gambling-sites/
22/10/2024 18:31:07
QRCode
archive.org
thumbnail

A supply chain hack targeting 100,000 websites was launched to redirect internet users to a massive online gambling network.

techcrunch EN 2024 Polyfill Supply-chain-attack gambling
Malicious Python Package Targets macOS Developers https://checkmarx.com/blog/malicious-python-package-targets-macos-developers-to-access-their-gcp-accounts/?ref=news.risky.biz
29/07/2024 09:26:47
QRCode
archive.org
thumbnail
  • A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation.
  • The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data.
  • The harvested credentials are sent to a remote server.
checkmarx EN 2024 macOS stealer Supply-chain-attack PyPI pypi-malware lr-utils-lib developpers
page 1 / 3
4252 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio