IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations
ReversingLabs has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.
Threat Research
IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations
Typosquatting campaign delivers r77 rootkit via npm
ReversingLabs discovered that one “s” was all that separated a legit npm package from a malicious twin that delivered the r77 rootkit — and was downloaded more than 700 times.
BlackCat (ALPHV): What we know about the MGM hack
Ransomware-as-a-service gang ALPHV (a.k.a. BlackCat) carried out a sophisticated attack on the hotel and casino company MGM. Here’s what the ReversingLabs threat team understands.
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.
VMConnect supply chain attack continues, evidence points to North Korea
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
Fake Roblox packages target npm with Luna Grabber info-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
VMConnect: Malicious PyPI packages imitate popular open source modules
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
More malicious npm packages found in wake of JumpCloud supply chain hack
ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
From the Labs: YARA Rule for Detecting Minodo
Inside Project Nemesis: Leveraging YARA to Identify Minodo in Evolving Cybercrime Operations
From the Labs: YARA Rule for Detecting StealC
Tracking StealC's Rise: How YARA Rules Help Uncover a New Breed of Information Stealers
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
From the Labs: YARA Rule for Detecting HermeticRansom
The ReversingLabs YARA detection rule for HermeticRansom can help you find this ransomware in your environment.
When byte code bites: Who checks the contents of compiled Python files?
The ReversingLabs research team has identified a novel attack on PyPI using compiled Python code to evade detection — possibly the first attack to take advantage of PYC file direct execution.
RATs found hiding in the npm attic
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.
Detecting Debugger Evasion: Exception Flooding
Quantum, once a popular ransomware gang, is no longer an active threat. However, ReversingLabs researchers created detection rules for a debugger evasion recently added to the Malware Behavior Catalog as Exception Flooding.