Blog | ReversingLabs | Threat Research (3)

February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.

January 23, 2024

GitGot: GitHub leveraged by cybercriminals to store stolen data

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.

December 20, 2023

From the Labs: YARA Rule for Detecting BiBi Wiper

In this edition of From the Labs, a series explaining the threats behind ReversingLabs' YARA rules, we break down BiBi Wiper, a wiper malware.

December 19, 2023

Malware leveraging public infrastructure like GitHub on the rise

RL researchers have uncovered two novel techniques running on GitHub — one abusing GitHub Gists, another issuing commands through git commit messages.

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

October 4, 2023

Typosquatting campaign delivers r77 rootkit via npm

One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.

September 28, 2023

BlackCat (ALPHV): What we know about the MGM hack

Ransomware-as-a-service gang ALPHV/BlackCat carried out a sophisticated attack on the hotel and casino giant MGM. Here’s what the RL threat team knows.

September 5, 2023

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

RL threat researchers have discovered multiple malicious campaigns on open repositories recently. Join the Webinar to discuss key takeaways.

August 31, 2023

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.

August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository.

August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Threat Research (3)

Attackers leverage PyPI to sideload malicious DLLs

GitGot: GitHub leveraged by cybercriminals to store stolen data

From the Labs: YARA Rule for Detecting BiBi Wiper

Malware leveraging public infrastructure like GitHub on the rise

Protestware taps npm to call out wars in Ukraine, Gaza

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

Typosquatting campaign delivers r77 rootkit via npm

BlackCat (ALPHV): What we know about the MGM hack

Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

VMConnect supply chain attack continues, evidence points to North Korea

Fake Roblox packages target npm with Luna Grabber info-stealing malware

VMConnect: Malicious PyPI packages imitate popular open source modules

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Threat Research (3)

Topics

Follow us

Subscribe

Special Reports