Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free TrialThis week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.
Software supply chain attacks have greatly increased over the past year, especially on open source software repositories. As a result, malicious packages have been downloaded hundreds of thousands of times, causing supply chain attacks globally. Popular repositories npm and PyPI saw an almost 300% increase in supply chain attacks on their platforms in the past four years combined. Other repositories, such as NuGet, which houses .NET code components, haven’t been taken advantage of by attackers… Until now.
Researchers at JFrog recently discovered a possible first for NuGet: 13 malicious packages with trojan components that compromise a victim’s installation system and download crypto-stealing malware with backdoor functionality. While the malicious packages have been removed from the repository, they were downloaded more than 166,000 times, possibly causing thousands of supply chain attacks. The malicious packages impersonated legitimate software tools like Coinbase and Microsoft ASP.NET, making it easy for developers to accidentally download them. The attackers used typosquatting, in which the name of a popular package is copied and slightly misspelled, to trick developers into downloading these packages.
This recent campaign discovered by JFrog is significant, considering that typosquatting attacks of this nature have not yet occurred on the platform. This demonstrates that threat actors are continuing to see open source repositories as a worthy landscape for carrying out software supply chain attacks. Also, it shows that even less popular repositories like NuGet, which seemed resilient before, are still susceptible to these kinds of attacks.
Here are the stories we’re paying attention to this week…
In a recent tweet, Altman of OpenAI shared that a bug in an open source library, for which a fix has now been released, caused a small percentage of ChatGPT users to see the titles of other users' conversation history: "we feel awful about this."
A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. This malicious version includes additional code that attempts to steal Facebook session cookies.
The Cybersecurity and Infrastructure Security Agency (CISA) updated the cybersecurity performance goals originally released in October, in an effort to more closely align the goals with the cybersecurity framework developed by the National Institute of Standards and Technology (NIST).
The company published a press release on the Ferrari website, as well as sent an email to affected customers. The company's communications confirmed that following a cyber-incident, the Ferrari Italian subsidiary was contacted by a threat actor, demanding that the ransom demand be paid.
Hackers drained millions of dollars in digital coins from cryptocurrency ATMs by exploiting a zero-day vulnerability, leaving customers on the hook for losses that can’t be reversed, the kiosk manufacturer has revealed.
A joint cybersecurity advisory from Germany and South Korea warn about Kimsuky's use of Chrome extensions to steal target's Gmail emails. Kimsuky (aka Thallium, Velvet Chollima) is a North Korean threat group that uses spear phishing to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians.
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.
Get your 14-day free trial of Spectra Assure
Get Free TrialMore about Spectra Assure Free Trial