Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations. Cybersecurity experts from both Checkmarx and Check Point observed a large-scale cyberattack in which threat actors tried to upload hundreds of malicious packages to the platform, in an attempt to compromise software … Read more
Cybersecurity researchers from Checkmarx have discovered a new infostealing campaign that leveraged typosquatting and stolen GitHub accounts to distribute malicious Python packages to the PyPI repository. In a blog post, Tal Folkman, Yehuda Gelb, Jossef Harush Kadouri, and Tzachi Zornshtain of Checkmarx said they discovered the campaign after a Python developer complained about falling victim … Read more
Hackers are using a novel phishing technique to deliver remote access trojans (RAT) to unsuspecting victims. According to the report, published this Monday, threat actors are using a technique called Object Linking and Embedding (OLE). This is a Windows feature that allows users to embed and link documents within documents, resulting in compound files with … Read more
Cybersecurity researchers have found a new version of a well-known Android banking trojan malware which sports quite a creative method of hiding in plain sight. PixPirate targets mostly Brazilian consumers with accounts on the Pix instant payment platform, which allegedly counts more than 140 million customers, and services transactions north of $250 billion. The campaign’s … Read more
Microsoft recently patched a vulnerability in Windows SmartScreen, but not before hackers abused it as a zero-day to drop the DarkGate malware. A report from cybersecurity researchers Trend Micro detailed a new campaign that included phishing emails with malicious PDF files, open redirects via Google DoubleClick Digital Marketing (DDM), and Microsoft installers (.MSI) impersonating legitimate … Read more