More than 200 cryptomining packages flood npm and PyPI registry
5 minute read time
More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
Read More...
This Week in Malware - Fileless Linux cryptominer, 100 packages
6 minute read time
This week Sonatype discovered more than 100 open source packages that were malicious, suspicious, or dependency confusion attacks.
Read More...
PyPI package 'secretslib' drops fileless Linux malware to mine monero
7 minute read time
Sonatype identified a 'secretslib' PyPI package that covertly installs cryptominers on Linux systems.
Read More...
This Week in Malware — Typosquats in PyPI, dependency confusion packages
2 minute read time
This Week in Malware we discovered 50 packages that are either malicious or dependency confusion attacks.
Read More...
Ransomware in PyPI: Sonatype spots 'Requests' typosquats
7 minute read time
Sonatype has spotted multiple typosquats of the popular Python library, 'requests' that contain ransomware scripts.
Read More...
StringJS typosquat deploys Discord infostealer obfuscated five times
4 minute read time
An npm package called 'stringjs_lib' identified by Sonatype this week typosquats the popular npm library 'string' (or StringJS) to ship an obfuscated.
Read More...
This Week in Malware — John Deere dependency confusion attempt and more
2 minute read time
We discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere.
Read More...
John Deere dependency confusion attempt flagged by Sonatype
3 minute read time
Sonatype identified 17 npm packages, at least 12 of which directly target John Deere's private npm dependencies via dependency confusion, a technique that.
Read More...
This Week in Malware — July 15th edition
2 minute read time
This Week in Malware we identified over 34 npm and PyPI packages that are either dependency confusion candidates, prank packages, contain PoC reverse shell.
Read More...