Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing.
The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code.
The packages, named NP6HelperHttptest and NP6HelperHttper, were each downloaded 537 and 166 times, respectively,
Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment.
Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linking it to aΒ host of rogue NuGet packagesΒ that were observed delivering a remote access trojan called
A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit functionality.
The package in question isΒ node-hide-console-windows, which mimics the legitimate npm packageΒ node-hide-console-windowΒ in what's an instance of a typosquatting campaign. It wasΒ downloaded 704
Three additional rogue Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign calledΒ VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors.
TheΒ findingsΒ come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro.
First disclosed at the
Login
FreshRSS