-
ReversingLabs Threat Research team digs deep into open source as well as proprietary and commercial software to identify new threats and attacks.
-
In our latest quarterly threat research round up, RL researchers dig into recent supply chain campaigns targeting platforms like NuGet and npm, and a scam targeting developers with phony job interviews that deliver malicious code packages.
Key research findings discussed include:
✓ A malicious NuGet campaign that saw malware authors using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code.
✓ A malicious package lurking on npm that mimicked a legitimate npm package with over a quarter of a million downloads designed to facilitate the uploading of files to Amazon’s AWS
✓ A VMConnect campaign in which malicious actors pose as recruiters, using packages and the names of financial firms to lure developers
AND MORE!
Listen in to learn more about these campaigns and get insights into ReversingLabs ongoing research into both commercial and open source software threats.
Watch Now!