Malware Analysis
DarkGate Malware Campaign Exploits Patched Microsoft Flaw
The Zero Day Initiative (ZDI) by Trend Micro uncovered a phishing campaign that exploited a patched Microsoft flaw to infect devices with DarkGate malware. The exploited flaw was CVE-2024-21412, which Microsoft had already patched ...
npm packages caught exfiltrating Kubernetes config, SSH keys
The Sonatype Security Research team is currently tracking an ongoing campaign on the npm registry that uses npm packages to retrieve and exfiltrate your Kubernetes configuration and SSH keys to an external ...
New npm PoC packages target PayPal Zettle, Airbnb developers
Sonatype has identified several npm packages that are named after internal dependencies purportedly used by PayPal Zettle and Airbnb developers ...
Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module
This month, we analyzed a malicious PyPI package called ‘VMConnect,’ which has been designed to strongly resemble the legitimate VMware vSphere connector module, ‘vConnector’, except it hides sinister code within ...
“Quoi…? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer
We’ve got a rather interesting malicious finding this month to talk about, the one that mixes a meme with malware ...
Protecting Software Developers from Malware with AI/ML Insights
In my last post I talked about solutions to address malware and the increase in attacks. Today I’ll dig into what’s necessary to find and avoid malware ...
Attacker floods PyPI with 450+ malicious packages that drop Windows trojan via Dropbox
Sonatype has been tracking an open source malware campaign developing over the weekend in which a threat actor is infiltrating the PyPI software registry with hundreds of malicious packages. These packages are ...
How to Peel a PowerShell Onion: A Bloodhound Case Study
Published May 2, 2022. Introduction: Recently the GuidePoint Security DFIR team was called in to conduct an investigation for a […] ...