phylum

phylum, 4 months ago to opensource

We continue to identify sophisticated threats originating from the use of #opensource software packages. This time the attacker uses a signed #Microsoft executable to initiate the attack chain through an #npm package.

#malware #cybersec #infosec #javascript #reverseengineering #software #cybersecurity

https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/

phylum, 6 months ago to python

We continue to see #malware #python packages published to #pypi. Over the last few days we've been tracking a series of #software packages purporting to help with internationalization.

https://blog.phylum.io/obfuscated-pypi-packages-purporting-to-be-i18n-libraries-actually-stealing-telegram-data/

We're also tracking several other campaigns in other ecosystems. More on this to follow.

#opensource #pythonprogramming #cybersecurity #supplychain

campuscodi, 8 months ago to random

DevSecOps company Phylum has spotted a threat actor publishing malicious libraries on three package repositories at the same time.

The campaign involved three malicious Python packages, seven JavaScript libraries, and two Ruby gems.

All libraries contained the same malicious code that gathered information on infected hosts and uploaded it to a Chinese server.

https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/

phylum, 8 months ago to opensource

We are currently tracking a #malware campaign across #opensource ecosystems. While this isn't the first time we've seen this behavior, these coordinated attacks across package registries are becoming more frequent. Packages have been reported and removed.

More details to follow.

#javascript #python #cybersecurity #cyberattack