Malicious – OWASP Jakarta

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer Read more…

By adminowasp, 6 months ago

News

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and Read more…

By adminowasp, 6 months ago

News

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack Read more…

By adminowasp, 7 months ago

News

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of Read more…

By adminowasp, 7 months ago

News

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that’s designed to distribute an updated version of the Antidot banking trojan. “The attackers presented themselves as recruiters, luring unsuspecting victims with job offers,” Zimperium zLabs Read more…

By adminowasp, 7 months ago

News

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine Read more…

By adminowasp, 7 months ago

News

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled

INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law Read more…

By adminowasp, 7 months ago

News

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware Nov 08, 2024Ravie LakshmananOpen Source / Malware A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber. “This incident highlights the alarming Read more…

By adminowasp, 8 months ago

News

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers Nov 07, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers’ Amazon Web Services Read more…

By adminowasp, 8 months ago

News

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps Nov 06, 2024Ravie LakshmananMalware / Online Security Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. “Winos 4.0 is an advanced malicious framework Read more…

By adminowasp, 8 months ago