Ax Sharma

Ax is a Security Researcher at Sonatype and Engineer who holds a passion for perpetual learning. His works and expert analyses have frequently been featured by leading media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences.

PyPI packages steal Telegram cache files, add Windows Remote Desktop accounts

By Ax Sharma on July 07, 2022 vulnerabilities

3 minute read time

We analyze Python packages that steal Telegram Desktop client files and set up Remote Desktop access accounts after infecting Windows systems.

This Week in Malware — Python cryptominers, 345 dependency confusion packages

By Ax Sharma on July 01, 2022 vulnerabilities

16 minute read time

This week's highlights include a PyPI typosquat that drops a cryptominer and AWS credential stealer, along with an influx of 345 dependency confusion packages.

python-dateutils — A cryptominer in disguise targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

5 minute read time

We analyze a suspicious 'python-dateutils' PyPI package that targets Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.

This Week in Malware — Show me your secrets!

By Ax Sharma on June 24, 2022 vulnerabilities

2 minute read time

These Python packages not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.

Python packages upload your AWS keys, env vars, secrets to the web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

This Week in Malware — Killing Windows Defender with an npm package

By Ax Sharma on June 17, 2022 vulnerabilities

3 minute read time

This Week in Malware, we discuss a malicious npm package that disables Windows Defender before dropping a trojan, and ongoing dependency confusion findings.

npm package disables Windows Defender before dropping Trojan

By Ax Sharma on June 13, 2022 vulnerabilities

3 minute read time

npm package 'flame-vali' makes multiple attempts to disable Windows Defender on the infected system before downloading a cryptominer.

This Week in Malware — npm malware exfiltrates Windows SAM, Amazon EC2 credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

By Ax Sharma on May 24, 2022 vulnerabilities

5 minute read time

The popular Python package 'ctx', which is downloaded over 22,000 times weekly on the PyPI registry, has been compromised and now steals environment variables.