Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs. Colorama is number 44 in ...

Analysis: A Ransomware Attack on a PostgreSQL Database

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab. In general, the attack flow contained: A brute force attack on the database for known users and weak passwords; Collecting a ...

Database Ransomware: From Attack to Recovery

Introduction: In recent years, ransomware attacks have risen sharply, due to their profitability, ease of access with ransomware-as-a-service (RaaS) tools, and an increasing attack surface. Ransomware is a type of attack in which the attacker locks and encrypts a victim’s data and then demands a payment to unlock and decrypt ...