VMConnect: Malicious PyPI packages imitate popular open source modules
ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
Threat Research
VMConnect: Malicious PyPI packages imitate popular open source modules
More malicious npm packages found in wake of JumpCloud supply chain hack
ReversingLabs researchers uncovered evidence of more malicious npm packages beyond those already disclosed — and conclude that the attack is still active.
From the Labs: YARA Rule for Detecting Minodo
Inside Project Nemesis: Leveraging YARA to Identify Minodo in Evolving Cybercrime Operations
From the Labs: YARA Rule for Detecting StealC
Tracking StealC's Rise: How YARA Rules Help Uncover a New Breed of Information Stealers
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
From the Labs: YARA Rule for Detecting HermeticRansom
The ReversingLabs YARA detection rule for HermeticRansom can help you find this ransomware in your environment.
When byte code bites: Who checks the contents of compiled Python files?
The ReversingLabs research team has identified a novel attack on PyPI using compiled Python code to evade detection — possibly the first attack to take advantage of PYC file direct execution.
RATs found hiding in the npm attic
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.
Detecting Debugger Evasion: Exception Flooding
Quantum, once a popular ransomware gang, is no longer an active threat. However, ReversingLabs researchers created detection rules for a debugger evasion recently added to the Malware Behavior Catalog as Exception Flooding.
Red teamers take on AI at DEF CON 31
It takes a village... Researchers play capture the flag to find vulns in tools like ChatGPT — with a White House assist.
Package names repurposed to push malware on PyPI
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
Red flags flew over software supply chain-compromised 3CX update
The VOIP software company missed signs that its client had been tampered with before it pushed the update to customers.
VS Code hack shows how supply chain attacks can extend to other software development tools
A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.
From the Labs: YARA Rule for Detecting NB65
ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.
PyPI repo poisoned with "Colour-Blind" RAT
Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts