Blog | ReversingLabs | Karlo Zanki

July 11, 2024

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

June 5, 2024

Python downloader highlights noise problem in open source threat detection

RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.

March 12, 2024

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

RL has discovered a campaign using malicious PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases used for crypto wallet recovery.

December 19, 2023

Malware leveraging public infrastructure like GitHub on the rise

RL researchers have uncovered two novel techniques running on GitHub — one abusing GitHub Gists, another issuing commands through git commit messages.

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

August 31, 2023

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.

August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.

June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.

March 30, 2023

Red flags flew over software supply chain-compromised 3CX update

The VOIP software vendor missed signs that its client software had been tampered with before it pushed the update to customers.

March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.

December 19, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

December 1, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Karlo Zanki

Recent Posts from Karlo Zanki

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Python downloader highlights noise problem in open source threat detection

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

Malware leveraging public infrastructure like GitHub on the rise

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

VMConnect supply chain attack continues, evidence points to North Korea

VMConnect: Malicious PyPI packages imitate popular open source modules

When byte code bites: Who checks the contents of compiled Python files?

Red flags flew over software supply chain-compromised 3CX update

VS Code hack shows how supply chain attacks can extend to other software development tools

SentinelSneak: Malicious PyPI module poses as security software development kit

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Karlo Zanki

Recent Posts from Karlo Zanki

Topics

Follow us

Subscribe

Special Reports