Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware
As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs. Colorama is number 44 in ... Read More
Analysis: A Ransomware Attack on a PostgreSQL Database
In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab. In general, the attack flow contained: A brute force attack on the database for known users and weak passwords Collecting a ... Read More
Database Ransomware: From Attack to Recovery
Introduction In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service (RaaS) tools, and an increasing attack surface. Ransomware is a type of attack in which the attacker locks and encrypts a victim’s data and then demands a payment to unlock and decrypt ... Read More