When Worms (and Phish) Attack

Recent research highlights how attackers are exploiting the interconnected nature of modern development environments to launch stealthy and highly effective supply chain intrusions.

Watch our latest Research Round-Up webinar as we dissect five campaigns investigated by ReversingLabs since June. They are:

• The Shai Hulud worm, which propagates through DevOps pipelines by abusing build automation and artifact distribution.
  
• Malicious Ethereum smart contracts embedding obfuscated logic designed to trigger hidden behaviors post-deployment.
  
• A weaponized pull request that introduced a backdoor into a Visual Studio Code extension.
  
• The ESLint compromise, where attackers compromised eslint-config-prettier - an npm package with more than 3.5 billion downloads and 12,000 dependencies, using it to inject persistent malware into developer systems.
  
• Malware families masquerading as legitimate VS Code extensions to evade detection and hijack developer workflows.

ReversingLabs researchers Karlo Zanki and Lucija Valentić will analyze attacker tradecraft—including social engineering against open-source maintainers, tampering with package registries, and abuse of developer trust in familiar tools.

Learn how these campaigns unfolded, what signals defenders should monitor in CI/CD pipelines and IDE ecosystems, and actionable measures to harden their own supply chain security posture.

Watch Now!