
Malicious PyPI crypto pay package aiocpa implants infostealer code
The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.

Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.
In a new ConversingLabs podcast, the independent security researcher talks about his early entry into the field — and his latest connected-car research.

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.

RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.

There is no foolproof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three.

Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.

Here's what the RL research team knows about the suspicious SqzrFramework480 campaign, which is still available on the NuGet repository.

RL has discovered a campaign using PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases, which are used for wallet recovery.

How to apply YARA rules for threat detection, searching, hunting and more.

RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method.

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.

Cross-Platform Threats: Leveraging YARA to Identify BiBi Wiper on Linux and Windows Systems