Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads Read more…

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals Several malicious Android apps that turn mobile devices running the operating system into residential proxies (RESIPs) for other threat actors have been observed on the Google Play Store. The findings come from HUMAN’s Satori Threat Intelligence team, which said Read more…

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign. It said “new project creation and new user registration” was temporarily halted to mitigate Read more…

Malicious NuGet Package Linked to Industrial Espionage Targets Developers

Malicious NuGet Package Linked to Industrial Espionage Targets Developers

Malicious NuGet Package Linked to Industrial Espionage Targets Developers Threat hunters have identified a suspicious package in the NuGet package manager that’s likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which ReversingLabs said was Read more…

North Korean Hackers Targeting Developers with Malicious npm Packages

North Korean Hackers Targeting Developers with Malicious npm Packages

North Korean Hackers Targeting Developers with Malicious npm Packages A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages Read more…