PyPI Package ‘secretslib’ Drops Fileless Linux Malware to Mine Monero

The curious case of 'secretslib': a fileless cryptominer. Sonatype has identified a 'secretslib' PyPI package that describes itself as "secrets matching and verification made easy." On closer inspection, though, the package covertly runs a cryptominer on your Linux machine in memory (directly from RAM, with no payload file written to disk), a technique largely employed by fileless malware ...
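In-memory execution of the kind this entry describes leaves a trace a responder can look for. On Linux, a common way to run a payload straight from RAM is a memfd_create() descriptor, and a process started that way shows up in /proc/<pid>/exe as "/memfd:<name> (deleted)"; a process whose backing file was unlinked after launch shows "<path> (deleted)". The triage script below is an added example, not Sonatype's code and not anything taken from the secretslib package; the /proc snapshot in SAMPLE is constructed, and snapshot_live_proc() builds the same structure from the real /proc when run on a host.

```python
"""Flag Linux processes whose executable is not a regular on-disk file.

Added example for triaging a suspected fileless miner (not Sonatype's code).
Three tell-tales are checked on the target of the /proc/<pid>/exe symlink:
  - "/memfd:<name> (deleted)"          : executed from a memfd_create() descriptor
  - "<path> (deleted)"                 : backing file unlinked after launch
  - "/dev/shm/..." or "/run/shm/..."   : executed from a tmpfs mount
SAMPLE is a constructed snapshot; snapshot_live_proc() reads the real /proc.
"""
import os

# Constructed snapshot: pid -> (target of /proc/<pid>/exe, contents of /proc/<pid>/comm)
SAMPLE = {
    1: ("/usr/lib/systemd/systemd", "systemd"),
    777: ("/usr/bin/python3.10", "python3"),
    4242: ("/memfd:worker (deleted)", "python3"),      # constructed memfd case
    5150: ("/tmp/.cache/run (deleted)", "run"),        # constructed unlinked-binary case
    6001: ("/dev/shm/.x/loader", "loader"),            # constructed tmpfs case
}

TMPFS_PREFIXES = ("/dev/shm/", "/run/shm/")


def classify(exe_target):
    """Return a reason string for a suspicious exe target, or None if it looks normal."""
    if exe_target.startswith("/memfd:"):
        return "memfd"
    if exe_target.endswith(" (deleted)"):
        return "deleted-backing-file"
    if exe_target.startswith(TMPFS_PREFIXES):
        return "tmpfs-exec"
    return None


def find_fileless(snapshot):
    """Map pid -> (reason, exe target, comm) for every suspicious entry in a snapshot."""
    findings = {}
    for pid, (exe, comm) in snapshot.items():
        reason = classify(exe)
        if reason:
            findings[pid] = (reason, exe, comm)
    return findings


def snapshot_live_proc():
    """Build the same pid -> (exe, comm) mapping from the running system.

    Reading exe of another user's process needs root; unreadable or vanished
    pids (and kernel threads, which have no exe) are skipped.
    """
    snap = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
        except OSError:
            continue
        snap[pid] = (exe, comm)
    return snap


if __name__ == "__main__":
    for pid, (reason, exe, comm) in sorted(find_fileless(SAMPLE).items()):
        print(f"pid {pid:>6}  {reason:<22} {comm:<10} {exe}")
```

Treat a "(deleted)" hit as a lead rather than a verdict: a long-running service whose binary was replaced by a package upgrade shows the same thing. For memfd hits, /proc/<pid>/maps and /proc/<pid>/fd show what else the process has mapped or open, and the memfd itself can be copied out for analysis from /proc/<pid>/fd/<n> while the process is alive.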

Ransomware in PyPI: Sonatype Spots ‘Requests’ Typosquats

Sonatype has identified multiple malicious Python packages that contain ransomware scripts. These packages are named after the legitimate, widely used library 'Requests.' ...

StringJS Typosquat Deploys Discord Infostealer Obfuscated Five Times

An npm package called 'stringjs_lib' was identified by Sonatype this week. The package typosquats the popular npm library 'string' (StringJS) and ships a Discord info-stealer obfuscated not once but five times ...

This Week in Malware—John Deere dependency confusion attempt and more

This Week in Malware we discovered and analyzed 17 packages, at least a dozen of which were dependency confusion PoCs directly targeting the agricultural equipment giant John Deere (Deere & Company) ...

John Deere dependency confusion attempt flagged by Sonatype

This week Sonatype identified 17 npm packages, at least 12 of which directly target John Deere's private npm dependencies via dependency confusion, a technique that bug bounty hunters and malicious actors alike continue to employ against organizations whose private package names can be claimed on a public registry. John Deere, or more specifically, Deere & Company, ...

This Week in Malware—July 15th Edition

This Week in Malware we discovered and analyzed multiple PyPI and npm packages that are dependency confusion candidates, prank packages, or PoC reverse shells, or that were otherwise flagged as suspicious for heavy obfuscation with no good reason ...

This Week in Malware—Python packages peek into your Telegram, set up Windows RDP access

This Week in Malware we discovered and analyzed multiple malicious PyPI packages that either set up new Remote Desktop user accounts on your Windows computer or steal encrypted Telegram data files from your Telegram Desktop client ...

PyPI Packages Steal Telegram Cache Files, Add Windows Remote Desktop Accounts

This week Sonatype discovered multiple malicious PyPI packages that either set up new Remote Desktop user accounts on your Windows computer or steal encrypted Telegram data files from your Telegram Desktop client ...

This Week in Malware—Python Cryptominers, 345 Dependency Confusion Packages

This Week in Malware, highlights include an influx of hundreds of dependency confusion packages with diverse targets and a 'python-dateutils' PyPI package that typosquats the widely used Python module dateutil ...

python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS

You've probably heard of the Python module 'dateutil'. It offers powerful extensions to the standard datetime library and is used extensively by Python developers. Yesterday, however, Sonatype's automated malware detection system caught a suspicious PyPI package called 'python-dateutils' that mines Monero (XMR) cryptocurrency on your system, whether Windows, Linux, or macOS, and ...
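Several entries above (the stringjs_lib and python-dateutils typosquats, and the John Deere dependency confusion attempt) come down to two checks a consumer can run over a manifest before installing anything: is a dependency name a near-miss of a popular package, and does a private package name also resolve on the public registry? The script below is an added example, not Sonatype's tooling or anything from the packages described; POPULAR, PRIVATE_INVENTORY, PUBLIC_REGISTRY and the 'acme' names are constructed stand-ins for registry metadata and an organisation's internal inventory, and the 'reqests' name is a constructed Requests look-alike, not one of the packages Sonatype reported.

```python
"""Triage dependency names for typosquatting and dependency confusion.

Added example, not Sonatype's own tooling. Two checks over manifest names:

  1. typosquat_candidates(): names within a small edit distance of a popular
     package, after stripping affixes such as 'python-', 'js' and '-lib'
     that typosquatters bolt on (python-dateutils -> python-dateutil,
     stringjs_lib -> string).
  2. dependency_confusion_exposure(): private package names that also exist
     on the public registry, the shape of the John Deere attempt, where an
     attacker publishes public packages under names an organisation only
     expected to find on its internal registry.

POPULAR, PRIVATE_INVENTORY and PUBLIC_REGISTRY are constructed for the
example; a real run would load them from registry metadata.
"""
import re

# Constructed subset of well-known packages per ecosystem.
POPULAR = {
    "pypi": {"requests", "python-dateutil", "urllib3", "numpy"},
    "npm": {"string", "lodash", "express", "react"},
}

# Affixes commonly glued onto a popular name to make a look-alike.
PREFIXES = ("python-", "py-", "node-")
SUFFIXES = ("-lib", "lib", "-js", "js", "-py", "py")


def normalize(name):
    """PEP 503 normalisation: case-fold and collapse runs of -, _ and .
    npm names are already lowercase, so applying the same rule is harmless."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute all cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def affix_variants(name):
    """All forms reachable by repeatedly stripping one leading or trailing affix."""
    variants, frontier = {name}, [name]
    while frontier:
        cur = frontier.pop()
        candidates = [cur[len(p):] for p in PREFIXES if cur.startswith(p) and len(cur) > len(p)]
        candidates += [cur[:-len(s)] for s in SUFFIXES if cur.endswith(s) and len(cur) > len(s)]
        for cand in candidates:
            if cand not in variants:
                variants.add(cand)
                frontier.append(cand)
    return variants


def typosquat_candidates(name, ecosystem, max_distance=1):
    """Popular packages this name is suspiciously close to, as (package, distance).
    An exact normalised match returns [] because it is the genuine package."""
    n = normalize(name)
    popular = {normalize(p): p for p in POPULAR[ecosystem]}
    if n in popular:
        return []
    hits = []
    for pn, original in popular.items():
        d = min(edit_distance(v, pn) for v in affix_variants(n))
        if d <= max_distance:
            hits.append((original, d))
    return sorted(hits, key=lambda h: (h[1], h[0]))


def dependency_confusion_exposure(private_names, public_names):
    """Private names that also exist publicly. An installer that resolves the
    highest version across registries will pull the public copy of these."""
    return sorted(set(private_names) & set(public_names))


# Constructed inventory of a hypothetical organisation's internal npm packages ...
PRIVATE_INVENTORY = {"acme-internal-auth", "acme-billing-core", "@acme/ui-kit"}
# ... and a constructed snapshot of what the public registry answers for those names.
PUBLIC_REGISTRY = {"acme-billing-core", "lodash", "string", "express"}


def triage(manifest, ecosystem):
    """Run both checks over a list of dependency names."""
    found = {n: typosquat_candidates(n, ecosystem) for n in manifest}
    return {
        "typosquats": {n: hits for n, hits in found.items() if hits},
        "confusable": dependency_confusion_exposure(PRIVATE_INVENTORY, PUBLIC_REGISTRY),
    }


if __name__ == "__main__":
    print(triage(["python-dateutils", "reqests", "numpy"], "pypi"))
    print(triage(["stringjs_lib", "react", "acme-billing-core"], "npm"))
```

The affix stripping is what catches stringjs_lib (strip -lib, then js) against string, which plain edit distance misses. For the confusion check, an unscoped private name is the risky shape on npm; a scope only helps if the organisation also owns that scope on the public registry, and pinning each scope to its registry in .npmrc removes the ambiguity entirely.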