#typosquatting
#typosquatting

[ follow ]

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten malicious npm packages deliver a multi-stage information stealer using obfuscation, fake CAPTCHA, IP fingerprinting, and a 24MB PyInstaller payload targeting Windows, Linux, and macOS.

Information security

fromIT Pro

3 days ago

Hackers are using these malicious npm packages to target developers on Windows, macOS, and Linux systems - here's how to stay safe

Typosquatted npm packages delivered a PyInstaller 24MB infostealer across Windows, macOS, and Linux using multi-layer obfuscation, fake CAPTCHA, and IP fingerprinting.

fromThe Hacker News

1 week ago

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys. The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and keystore data, according to security company Socket.

Information security

fromThe Hacker News

1 month ago

Malicious Rust Crates Steal Solana and Ethereum Keys - 8,424 Downloads Confirmed

Two malicious Rust crates impersonated fast_log to scan source code and exfiltrate Solana and Ethereum private keys to a hardcoded C2 endpoint.

Artificial intelligence

fromTheregister

6 months ago

AI code suggestions sabotage software supply chain

LLM-powered code generation tools are reshaping software development but may introduce significant risks to the software supply chain.