#supply-chain-malware

[ follow ]
#contagious-interview #akdoortea #social-engineering #malicious-npm-package #qr-code-steganography
Information security
fromThe Hacker News
1 week ago

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

North Korea-linked actors use multi-platform malware including AkdoorTea to target cryptocurrency and Web3 developers via fake recruiter job offers that install backdoors.
Information security
fromInfoWorld
1 week ago

QR codes become the vehicle for malware in new technique

A malicious npm package named fezbox hides obfuscated backdoor code inside embedded QR codes to steal credentials from browser cookies.
fromThe Hacker News
2 weeks ago

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

"SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts web browser data, including credentials, history, autofill data, and cookies from web browsers like Chrome, Brave, Edge, and Firefox." The packages, now no longer available for download from PyPI, are listed below. They were both uploaded by a user named "CondeTGAPIS."
Information security
[ Load more ]