Recent Posts from Lucija Valentić
October 4, 2023
One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.
August 22, 2023
ReversingLabs identified more than a dozen malicious packages targeting Roblox users on the npm public repository, recalling an attack from 2021.
July 6, 2023
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
May 18, 2023
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.
April 24, 2023
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
February 22, 2023
ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.
February 9, 2023
Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.