
"The threat actor's packages were designed to impersonate legitimate developer tooling, while quietly functioning as malware loaders, extending Contagious Interview's established playbook into a coordinated cross-ecosystem supply chain operation."
"That makes this cluster notable not just for its cross-ecosystem reach, but for the depth of post-compromise functionality embedded in at least part of the campaign."
"What makes the latest set of libraries noteworthy is that the malicious code is not triggered during installation. Rather, it's embedded into seemingly legitimate functions that align with the package's advertised purpose."
The Contagious Interview campaign has expanded by releasing malicious packages in the Go, Rust, and PHP ecosystems. These packages impersonate legitimate developer tools while acting as malware loaders. They fetch second-stage payloads that include infostealer and remote access trojan capabilities, focusing on data collection from web browsers and cryptocurrency wallets. A Windows version features extensive post-compromise functionality, allowing for command execution, keystroke logging, and remote access. The malicious code is embedded in legitimate functions, remaining dormant during installation.
Read at The Hacker News