Malicious pull request infects VS Code extension
In the last few months, ReversingLabs (RL) researchers have encountered multiple malicious packages that target cryptocurrency users and developers. In May, RL researcher Karlo Zanki wrote a blog about malicious PyPI packages that targets developers in the Solana ecosystem. Another RL researcher, Lucija Valentić, wrote about malicious npm packages that ... Read More
Suspicious NuGet package grabs data from industrial systems
A recent scan by ReversingLabs of the open source package manager NuGet uncovered a suspicious package, SqzrFramework480, that may be targeting developers working with technology made by a China-based firm that does industrial- and digital equipment manufacturing. In this blog post, we'll describe what we found and offer analysis of ... Read More
Attackers leverage PyPI to sideload malicious DLLs
ReversingLabs researchers have observed a clear trend in which open-source platforms and code have become the stage for a growing and diverse range of malicious activity and campaigns. This trend includes hosting malicious command-and-control (C2) infrastructure, storing stolen data, and delivering second- and third- stage malware including downloaders and rootkit ... Read More
