North Korean hackers target developers in latest npm attack wave

A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository.

Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers.

The campaign began on 12th August and involves several distinct publication patterns and attack types, suggesting the...

29 August 2024 | Developer

Images weaponised in latest supply chain attack

A series of malicious packages disguised as legitimate software have been discovered in the npm registry by cybersecurity firm Phylum.

The packages – identified on 13 July 2024 – contained hidden command and control functionality embedded within image files, executed during the installation process.

Phylum researchers uncovered two packages in this campaign, with one named "img-aws-s3-object-multipart-copy" mimicking a legitimate GitHub library. The malicious version...

16 July 2024 | Hacking & Security

Phylum uncovers targeted malware disguised in Python package

Phylum’s cybersecurity experts have detected a malicious payload embedded within a popular Python package on the PyPI repository. The package, named requests-darwin-lite, is an unauthorised variant of the widely-used requests library.

The requests-darwin-lite package was cleverly designed to emulate its legitimate counterpart but included a Go binary concealed within an oversized image file pretending to be a simple logo. This file – a PNG labelled as a sidebar image –...

13 May 2024 | Hacking & Security