malware Archives - Developer Tech News

Zscaler highlights security trends challenging developers

Ryan Daws — Tue, 15 Oct 2024 15:28:37 +0000

Zscaler has released its annual ThreatLabz report, highlighting security challenges that should be on every developer’s radar. The 2024 Mobile, IoT, and OT Threat Report – covering June 2023 to May 2024 – highlights critical vulnerabilities in mobile applications, IoT devices, and operational technology (OT) systems that demand immediate attention from the development community. One... Read more »

The post Zscaler highlights security trends challenging developers appeared first on Developer Tech News.

North Korean hackers target developers with fake job interviews

Ryan Daws — Wed, 11 Sep 2024 16:11:25 +0000

Cybersecurity researchers at ReversingLabs have uncovered malicious software packages linked to a campaign known as VMConnect, believed to be orchestrated by the North Korean hacking team Lazarus Group. The campaign, first identified in August 2023, uses fake job interviews to lure developers into downloading and executing malicious code. The latest samples were traced to GitHub... Read more »

The post North Korean hackers target developers with fake job interviews appeared first on Developer Tech News.

Roblox developers targeted by year-long malware campaign

Ryan Daws — Mon, 02 Sep 2024 15:38:19 +0000

A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems. The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It... Read more »

The post Roblox developers targeted by year-long malware campaign appeared first on Developer Tech News.

Hackers are increasingly exploiting packers to spread malware

Ryan Daws — Thu, 06 Jun 2024 16:46:58 +0000

Cybersecurity researchers from Check Point have uncovered an increasing trend of hackers exploiting commercial packing tools like BoxedApp to conceal and distribute various malware strains. Over the past year, a significant surge in the abuse of BoxedApp products has been observed, particularly in attacks targeting financial institutions and government organisations. BoxedApp offers a range of... Read more »

The post Hackers are increasingly exploiting packers to spread malware appeared first on Developer Tech News.

Sonatype exposes malicious PyPI package ‘pytoileur’

Ryan Daws — Wed, 29 May 2024 15:19:27 +0000

Sonatype has exposed ‘pytoileur’, a malicious PyPI package designed to download and install trojanised Windows binaries capable of surveillance, commandeering persistence, and stealing cryptocurrency. This discovery is part of a broader, months-long “Cool package” campaign aimed at infiltrating the coding community. Yesterday, an automated malware detection system operated by Sonatype, known as the Sonatype Repository... Read more »

The post Sonatype exposes malicious PyPI package ‘pytoileur’ appeared first on Developer Tech News.

Phylum uncovers targeted malware disguised in Python package

Ryan Daws — Mon, 13 May 2024 12:11:15 +0000

Phylum’s cybersecurity experts have detected a malicious payload embedded within a popular Python package on the PyPI repository. The package, named requests-darwin-lite, is an unauthorised variant of the widely-used requests library. The requests-darwin-lite package was cleverly designed to emulate its legitimate counterpart but included a Go binary concealed within an oversized image file pretending to... Read more »

The post Phylum uncovers targeted malware disguised in Python package appeared first on Developer Tech News.

Google blocked 2M malicious apps from the Play Store in 2023

Ryan Daws — Tue, 30 Apr 2024 11:19:21 +0000

Google blocked 2.28 million policy-violating apps from being published on the Play Store in 2023, thanks to improved security measures and tighter developer vetting processes. The company rejected or had developers remediate almost 200,000 app submissions to prevent abuse of sensitive permissions like location tracking and SMS access. The company says providing a safe and... Read more »

The post Google blocked 2M malicious apps from the Play Store in 2023 appeared first on Developer Tech News.

PyPI suspends registrations amid malware attack

Ryan Daws — Thu, 28 Mar 2024 12:52:52 +0000

The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign. This move comes as security researchers at Checkmarx uncovered a campaign involving multiple malicious packages related to the same threat actors. The attackers are targeting victims through typosquatting attacks, tricking users into installing malicious Python... Read more »

The post PyPI suspends registrations amid malware attack appeared first on Developer Tech News.

GitHub suffers from over 100K infected repos

Ryan Daws — Thu, 29 Feb 2024 12:01:58 +0000

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code. This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised. Similar to dependency confusion attacks... Read more »

The post GitHub suffers from over 100K infected repos appeared first on Developer Tech News.

Android finally checks sideloaded apps for malware before installs

Ryan Daws — Thu, 19 Oct 2023 16:12:38 +0000

In response to growing cyber threats, Google has introduced an update to bolster Android security. This enhancement focuses on strengthening malware detection before app installations, ensuring a safer Android ecosystem. With this update, Google Play Protect now conducts real-time scans at the code-level during the app installation process: By providing users with immediate feedback about... Read more »

The post Android finally checks sideloaded apps for malware before installs appeared first on Developer Tech News.