NuGet malware targets Nethereum tools
Highlighting an alarming trend, RL has discovered malicious packages targeting crypto wallets and OAuth tokens to steal funds.
Threat Research
NuGet malware targets Nethereum tools
VS Code extensions contain trojan-laden image
RL researchers have identified 19 malicious extensions on the VS Code Marketplace — the majority containing a malicious file posing as a PNG.
New Shai-hulud worm spreads: What to know
A wave of malware has spread to 795 npm packages — and been downloaded more than 100 million times.
Bootstrap script exposes PyPI to domain takeover attacks
Proving the road to takeover is paved with setuptools alternatives, the script for a popular Python package for building and installing PyPI packages leaves them vulnerable.
How PowerShell Gallery simplifies attacks
PowerShell Gallery’s Install-Module command presents one key link in the kill chain of a possible attack.
Tracking an evolving Discord-based RAT family
RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules.
Shai-hulud npm attack: What you need to know
RL researchers detected the first self-replicating worm that compromised npm packages with cloud token-stealing malware. Here's what you need to know.
Ethereum contracts push malware on npm
RL discovered how the crypto contracts were abused — and how this incident is tied to a larger campaign to promote malicious packages on top repositories.
Threat actors claim VS Code extension names
RL has discovered a loophole on VS Code Marketplace that allows threat actors to reuse legitimate, removed package names for malicious purposes.
Compromised npm package threatens projects
The eslint-config-prettier package exposed more than 10,000 dependent projects. The incident highlights the growing risks in automated dependency updating.
Malicious pull request infects VS Code extension
ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request.
Threat actor Banana Squad exploits GitHub repos in new campaign
ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files.
Malicious attack method on hosted ML models now targets PyPI
RL researchers detected a new malicious campaign that exploits the Pickle file format on the Python Package Index.
Backdoor implant discovered on PyPI posing as debugging utility
RL researchers detected a sophisticated, malicious package believed to be an ongoing campaign that may be linked to a hacktivist gang.
From the Labs: YARA Rule for Detecting Conti
ReversingLabs’ YARA detection rule for Conti can help you detect this ransomware in your environment. We provide tools and information that you can use to spot CONTI at work in your environment.