Petar Kirhmajer

Threat Researcher, ReversingLabs.

Posts from Petar Kirhmajer

December 17, 2025

NuGet malware targets Nethereum tools

Highlighting an alarming trend, RL has discovered malicious packages targeting crypto wallets and OAuth tokens to steal funds.

Read More about NuGet malware targets Nethereum tools

NuGet malware targets Nethereum tools

December 10, 2025

VS Code extensions contain trojan-laden image

RL researchers have identified 19 malicious extensions on the VS Code Marketplace — the majority containing a malicious file posing as a PNG.

Read More about VS Code extensions contain trojan-laden image

VS Code extensions contain trojan-laden image

July 8, 2025

Malicious pull request infects VS Code extension

ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request.

Read More about Malicious pull request infects VS Code extension

Malicious pull request infects VS Code extension

March 26, 2024

Suspicious NuGet package grabs data from industrial systems

Here's what the RL research team knows about the suspicious SqzrFramework480 campaign, which is still available on the NuGet repository.

Read More about Suspicious NuGet package grabs data from industrial systems

Suspicious NuGet package grabs data from industrial systems

February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method.

Read More about Attackers leverage PyPI to sideload malicious DLLs

Attackers leverage PyPI to sideload malicious DLLs