Karlo Zanki

Reverse Engineer at ReversingLabs

Posts from Karlo Zanki

March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.

Read More about VS Code hack shows how supply chain attacks can extend to other software development tools

VS Code hack shows how supply chain attacks can extend to other software development tools

December 19, 2022

SentinelSneak: Malicious PyPI module poses as security software development kit

A malicious Python file found on the PyPI repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

Read More about SentinelSneak: Malicious PyPI module poses as security software development kit

SentinelSneak: Malicious PyPI module poses as security software development kit

December 1, 2022

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Days after researchers for Phylum and Checkmarx revealed an ongoing software supply chain attack spreading the W4SP Stealer malware through malicious packages on the Python Package Index (PyPI), ReversingLabs researchers discovered 10 additional PyPI packages pushing modified versions of W4SP that were overlooked.

Read More about W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis.

Read More about Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

August 29, 2022

New malicious packages in PyPI: What it means for securing open source repositories

After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.

Read More about New malicious packages in PyPI: What it means for securing open source repositories

New malicious packages in PyPI: What it means for securing open source repositories

July 5, 2022

Update: IconBurst npm software supply chain attack grabs data from apps and websites

ReversingLabs researchers have uncovered a widespread campaign to install malicious npm modules that are harvesting sensitive data from forms embedded in mobile apps and websites.

Read More about Update: IconBurst npm software supply chain attack grabs data from apps and websites

Update: IconBurst npm software supply chain attack grabs data from apps and websites

June 2, 2022

Go below the surface on tampering: The trouble with software integrity validation

The growing number of software supply chain attacks is putting pressure on validation of software integrity and authenticity.

Read More about Go below the surface on tampering: The trouble with software integrity validation

Go below the surface on tampering: The trouble with software integrity validation

June 1, 2022

It’s not a secret if you publish it on PyPI

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret

Read More about It’s not a secret if you publish it on PyPI

It’s not a secret if you publish it on PyPI

June 1, 2022

Coinminer and npm: What you see is not always what you get

Package repository content can be different from source code repository content. Here's what your software team needs to know.

Read More about Coinminer and npm: What you see is not always what you get

Coinminer and npm: What you see is not always what you get