The Hacker News3d
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Researchers uncovered 20 malicious PyPI packages stealing cloud credentials, downloaded 14,100+ times before removal.
Python devs are being targeted by this massive infostealing malware campaign
The threat actors used the access to commit malware to the Top.gg Python library. The goal of the campaign was to steal ...
Hosted on MSN5mon
Crypto-stealing malware discovered in Python Package Index — Checkmarx
Despite the vigilance and quick action of Checkmarx and the Python Package Index to address the issue, the malware returned in early October and has reportedly been downloaded more than 3,700 ...
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted ...
Hackaday6y
When Good Software Goes Bad: Malware In Open Source
Open Source software is always trustworthy, right? [Bertus] broke a story about a malicious Python package called “Colourama”. When used, it secretly installs a VBscript that watches the ...
Hundreds of GitHub repositories hijacked to trick users into downloading malware
Cybersecurity researchers Kaspersky have iscovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware.
YouTubers extorted via copyright strikes to spread malware
Cybercriminals are sending bogus copyright claims to YouTubers to coerce them into promoting malware and cryptocurrency ...
The Hacker News8d
SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
SilentCryptoMiner infects 2,000 users by posing as a restriction bypass tool, leveraging YouTube and Telegram for distribution.