Recherche : [phylum] - Cyberveille

Python Crypto Library Updated to Steal Private Keys https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/

29/11/2024 23:18:25

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

Fake AWS Packages Ship Command and Control Malware In JPEG Files https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files

18/07/2024 23:25:43

On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed

Persistent npm Campaign Shipping Trojanized jQuery https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/

11/07/2024 14:19:32

Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery

Malicious Go Binary Delivered via Steganography in PyPI https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/

14/05/2024 10:34:12

On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into

Dozens of npm Packages Caught Attempting to Deploy Reverse Shell https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/

10/11/2023 10:17:03

On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48 different publications. These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek https://www.securityweek.com/developers-warned-of-malicious-pypi-npm-ruby-packages-targeting-macs/

06/09/2023 15:01:22

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/

06/09/2023 15:00:06

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM https://blog.phylum.io/phylum-detects-active-typosquatting-campaign-in-pypi

12/12/2022 15:55:58

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack

02/11/2022 21:03:04

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

Liens par page

Filtres