24 Apr, 2026

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Other packages, namely eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall from the same maintainer, were also targeted. The attacker(s) used stolen […]

4 mins read

Discord flaw lets hackers reuse expired invites in malware campaign

Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines. “Reviving” expired Discord invites: Discord invite links are URLs that allow someone to join […]

4 mins read

Infostealer campaign compromises 10 npm packages, targets devs

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated […]

2 mins read

MassJacker malware uses 778,000 wallets to steal cryptocurrency

A newly discovered clipboard hijacking operation dubbed ‘MassJacker’ uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. According to CyberArk, who discovered the MassJacker campaign, roughly 423 wallets linked to the operation contained $95,300 at the time of the analysis, but historical data suggests more significant transactions. Also, there’s a single […]

2 mins read

Over 4,000 backdoors hijacked by registering expired domains

Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. Some of the live malware (web shells) was deployed on web servers of high-profile targets, including government and university systems, ready to execute commands from anyone who took control of the communication […]

2 mins read

Russian cyber spies hide behind other hackers to target Ukraine

Russian cyber-espionage group Turla, aka “Secret Blizzard,” is utilizing other threat actors’ infrastructure to target Ukrainian military devices connected via Starlink. Microsoft and Lumen recently exposed how the nation-state actor, who is linked to Russia’s Federal Security Service (FSB), is hijacking and using malware and servers of the Pakistani threat actor Storm-0156. Microsoft released another report […]

4 mins read

Sitting Ducks DNS attacks let hackers hijack over 35,000 domains

Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner’s account at the DNS provider or registrar. In a Sitting Ducks attack, cybercriminals exploit configuration shortcomings at the registrar level and insufficient ownership verification at DNS providers. Researchers at DNS-focused security vendor Infoblox […]

4 mins read