phylum Archives - Developer Tech News

North Korean hackers target developers in latest npm attack wave

Ryan Daws — Thu, 29 Aug 2024 12:16:20 +0000

A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository. Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers. The campaign began on 12th August and... Read more »

The post North Korean hackers target developers in latest npm attack wave appeared first on Developer Tech News.

Images weaponised in latest supply chain attack

Ryan Daws — Tue, 16 Jul 2024 15:23:38 +0000

A series of malicious packages disguised as legitimate software have been discovered in the npm registry by cybersecurity firm Phylum. The packages – identified on 13 July 2024 – contained hidden command and control functionality embedded within image files, executed during the installation process. Phylum researchers uncovered two packages in this campaign, with one named... Read more »

The post Images weaponised in latest supply chain attack appeared first on Developer Tech News.

Phylum uncovers targeted malware disguised in Python package

Ryan Daws — Mon, 13 May 2024 12:11:15 +0000

Phylum’s cybersecurity experts have detected a malicious payload embedded within a popular Python package on the PyPI repository. The package, named requests-darwin-lite, is an unauthorised variant of the widely-used requests library. The requests-darwin-lite package was cleverly designed to emulate its legitimate counterpart but included a Go binary concealed within an oversized image file pretending to... Read more »

The post Phylum uncovers targeted malware disguised in Python package appeared first on Developer Tech News.