Inside the NuGet hackers' toolset
RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.
Petar Kirhmajer
Threat Researcher, ReversingLabs.
Posts from Petar Kirhmajer
Inside the NuGet hackers' toolset
Malicious NuGet package targets Stripe
Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.
NuGet malware targets Nethereum tools
Highlighting an alarming trend, RL has discovered malicious packages targeting crypto wallets and OAuth tokens to steal funds.
VS Code extensions contain trojan-laden image
RL researchers have identified 19 malicious extensions on the VS Code Marketplace — the majority containing a malicious file posing as a PNG.
Malicious pull request infects VS Code extension
ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request.
Suspicious NuGet package grabs data from industrial systems
Here's what the RL research team knows about the suspicious SqzrFramework480 campaign, which is still available on the NuGet repository.
Attackers leverage PyPI to sideload malicious DLLs
RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method.