Ax Sharma

Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

StringJS typosquat deploys Discord infostealer obfuscated five times

By Ax Sharma on July 26, 2022 vulnerabilities

4 minute read time

An npm package called 'stringjs_lib' identified by Sonatype this week typosquats the popular npm library 'string' (or StringJS) to ship an obfuscated.

This Week in Malware — John Deere dependency confusion attempt and more

By Ax Sharma on July 22, 2022 vulnerabilities

2 minute read time

We discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere.

John Deere dependency confusion attempt flagged by Sonatype

By Ax Sharma on July 21, 2022 vulnerabilities

3 minute read time

Sonatype identified 17 npm packages, at least 12 of which directly target John Deere's private npm dependencies via dependency confusion, a technique that.

This Week in Malware — July 15th edition

By Ax Sharma on July 15, 2022 vulnerabilities

2 minute read time

This Week in Malware we identified over 34 npm and PyPI packages that are either dependency confusion candidates, prank packages, contain PoC reverse shell.

This Week in Malware — Python packages peek into your Telegram, set up Windows RDP access

By Ax Sharma on July 08, 2022 vulnerabilities

3 minute read time

This Week in Malware we discovered and analyzed multiple malicious PyPI packages that either set up new Remote Desktop user accounts on your Windows computer.

PyPI packages steal Telegram cache files, add Windows Remote Desktop accounts

By Ax Sharma on July 07, 2022 vulnerabilities

3 minute read time

We analyze Python packages that steal Telegram Desktop client files and set up Remote Desktop access accounts after infecting Windows systems.

This Week in Malware — Python cryptominers, 345 dependency confusion packages

By Ax Sharma on July 01, 2022 vulnerabilities

16 minute read time

This week's highlights include a PyPI typosquat that drops a cryptominer and AWS credential stealer, along with an influx of 345 dependency confusion packages.

python-dateutils — A cryptominer in disguise targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

5 minute read time

We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux.

This Week in Malware — Show me your secrets!

By Ax Sharma on June 24, 2022 vulnerabilities

2 minute read time

These Python packages not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.