Information Stealer
Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disclosed the supply-chain attack on April 30, saying that version 2.6.3 of the package included a hidden execution chain that downloads and executes a JavaScript payload. PyTorch […]
GlassWorm malware attacks return via 73 OpenVSX “sleeper” extensions
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 “sleeper” extensions that turn malicious after an update. Six of the extensions have been activated and deliver malware, while researchers assess with high confidence that the rest of them are dormant or at least suspicious. When initially uploaded, the extensions are […]
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, and it extended to the Docker image due to the package’s workflow that creates the image from the code and uploads it to a container registry for […]
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. KICS, short for Keeping Infrastructure as Code Secure, is a free, open-source scanner that helps developers identify security vulnerabilities in source code, dependencies, and configuration files. The tool is typically run locally […]
New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. The threat was spotted by researchers at application security companies Socket and StepSecurity in multiple packages from Namastex Labs, a company that provides AI-based agentic solutions designed to improve […]
New macOS stealer campaign uses Script Editor in ClickFix attack
A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. Script Editor is a built-in macOS application for writing and running scripts, primarily AppleScript and JXA, that can execute local scripts and shell commands. It […]
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification check to trick users into executing malicious code. Researchers at Malwarebytes say this is the first […]
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. The supply-chain attack was observed by application security firms Aikido, Socket, and Endor Labs, and was attributed to TeamPCP based on the same exfiltration pattern and RSA key seen in previous incidents caused by the […]
Suspected RedLine infostealer malware admin extradited to US
An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. Hambardzum Minasyan was arrested on Monday, March 23, and appeared in federal court in Austin on Tuesday, when U.S. prosecutors accused him of registering virtual private […]
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. Initial access is obtained through the ClickFix technique by hijacking the clipboard and tricking the user into executing a malicious PowerShell command. According to researchers at cybersecurity company Gen Digital, Torg Grabber is […]