RL discovered two malicious packages and a subsequent larger campaign, showing that the approach is an emerging software supply chain attack method.
Read More about Attackers leverage PyPI to sideload malicious DLLs
ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
Read More about GitGot: GitHub leveraged by cybercriminals to store stolen data
Cross-Platform Threats: Leveraging YARA to Identify BiBi Wiper on Linux and Windows Systems
Read More about From the Labs: YARA Rule for Detecting BiBi Wiper
ReversingLabs researchers have uncovered two novel techniques running on GitHub — one abusing GitHub Gists, another issuing commands through git commit messages.
Read More about Malware leveraging public infrastructure like GitHub on the rise
ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.
Read More about Protestware taps npm to call out wars in Ukraine, Gaza
ReversingLabs has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.
Read More about IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations
ReversingLabs discovered that one “s” was all that separated a legit npm package from a malicious twin that delivered the r77 rootkit — and was downloaded more than 700 times.
Read More about Typosquatting campaign delivers r77 rootkit via npm
Ransomware-as-a-service gang ALPHV (a.k.a. BlackCat) carried out a sophisticated attack on the hotel and casino company MGM. Here’s what the ReversingLabs threat team understands.
Read More about BlackCat (ALPHV): What we know about the MGM hack
RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.
Read More about Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
Read More about VMConnect supply chain attack continues, evidence points to North Korea
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Read More about Fake Roblox packages target npm with Luna Grabber info-stealing malware
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
Read More about VMConnect: Malicious PyPI packages imitate popular open source modules
ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
Read More about More malicious npm packages found in wake of JumpCloud supply chain hack
Inside Project Nemesis: Leveraging YARA to Identify Minodo in Evolving Cybercrime Operations
Read More about From the Labs: YARA Rule for Detecting Minodo
Tracking StealC's Rise: How YARA Rules Help Uncover a New Breed of Information Stealers
Read More about From the Labs: YARA Rule for Detecting StealC