New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka, a programmer-friendly Apache Kafka client for Python.
Read More...

This Week in Malware—Malicious Rust crate, 'colors' typosquats

By Ax Sharma on May 14, 2022 vulnerabilities

6 minute read time

From a malcious Rust typosquat found in the crates[.]io repository to ongoing typosquatting attacks on 'colors' library, the OSS security problem hasn't gone away just yet.
Read More...

This Week in Malware—Apache Kafka typosquats, shorthand data exfiltration

By Ax Sharma on May 06, 2022 vulnerabilities

4 minute read time

This Week In Malware—May 6th edition: Apache Kafka typosquat, and a simple distraction technique.
Read More...

npm package downloads another package while exfiltrating your IP address and username

By Ax Sharma on May 06, 2022 vulnerabilities

5 minute read time

On any given day we analyze hundreds of suspicious npm and PyPI packages, but this one stood out to us. An npm package that downloads another empty npm package?
Read More...

Malicious npm 'colors' typosquats pack Discord malware

By Ax Sharma on May 03, 2022 vulnerabilities

5 minute read time

Sonatype has caught newer typosquats of the popular 'colors' npm library that contain Discord info-stealing malware.
Read More...

This Week in Malware—npm backdoors, bugs, 'mystery placeholders'

By Ax Sharma on April 29, 2022 vulnerabilities

6 minute read time

This Week in Malware we discuss malicious packages with backdoors and hidden Discord stealers, a serious npm bug that allowed for maintainer tampering, and hundreds of 'mystery placeholders' we are
Read More...

This Week in Malware—Malicious 'Distutil' and Spring4Shell active exploitation

By Ax Sharma on April 22, 2022 github

7 minute read time

A malicious 'Distutil' PyPI package, active Spring4Shell exploitation by attackers deploying cryptominers, An open source tool that enabled users to add Google Play to PCs, but secretly installed
Read More...

This Week in Malware - Special Edition on Protestware and a Struts RCE Deja Vu

By Ax Sharma on April 15, 2022 vulnerabilities

4 minute read time

In a special edition of This Week in Malware, we change focus and look at protestware and the tale of a two-year-old Struts bug that's returned.
Read More...

This week in malware—VMWare, secrets, and security by obscurity

By Ax Sharma on April 08, 2022 vulnerabilities

2 minute read time

This week in malware digest for 8th April 2022: VMWare dependency confusion attempt and the importance of secrets management.
Read More...