Malware Analysis

WebAssembly: The Fly on the Wall Delivering Malware Past Secure Web Gateways
Engineering @ SquareX | Cybersecurity, enterprise security, Malware Analysis, Red Team, Secure Web Gateway
‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway on the market and deliver known malware to the endpoint. At DEF CON 32, SquareX presented groundbreaking research cataloguing vulnerabilities in Secure Web Gateways (SWGs) ...

‘Netfetcher’ package drops illicit ‘node’ binary on Windows
Ax Sharma | application vulnerabilities, Malware Analysis, malware prevention, Nexus Firewall, Vulnerabilities
Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of ...

Exploit creator selling 250+ reserved npm packages on Telegram
Recently, the Sonatype Security Research team identified more than 250 reserved npm packages that make for lucrative and convincing exploits, because they are named exactly like open source projects coming from Amazon Web ...

‘cors-parser’ npm package hides cross-platform backdoor in PNG files
Ax Sharma | Malware Analysis, malware prevention, Nexus Firewall, npm, Sonatype Repository Firewall, Vulnerabilities
'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download ...

Russia-linked ‘Lumma’ crypto stealer now targets Python devs
Ax Sharma | Malware Analysis, malware prevention, PyPI, Sonatype Repository Firewall, Vulnerabilities
Imagine being a developer who's building the next-gen crypto app by using popular open source components to speed up coding. Instead, you end up including a package in your build that does ...

PyPI crypto-stealer targets Windows users, revives malware campaign
Ax Sharma | FEATURED, Malware Analysis, Nexus Firewall, PyPI, python, Sonatype Repository Firewall, Vulnerabilities
Sonatype has discovered 'pytoileur', a malicious PyPI package hiding code that downloads and installs trojanized Windows binaries capable of surveillance, persistence, and crypto-theft. Our discovery of the malware led us to ...

KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks
Wajahat Raja | Advanced persistent threat (APT), Cyber attack implications, Cyber defense strategies, Cybersecurity Measures, Cybersecurity News, cybersecurity threats, Kapeka backdoor, Malware Analysis, Russian threat actor group, Sandworm APT, threat detection
Recent research has shed light on a previously undisclosed threat known as Kapeka, a versatile backdoor that has been quietly used in cyber attacks ...

OfflRouter Malware Ukraine: Govt Network Breach Since 2015
Wajahat Raja | Cisco Talos report, Cybersecurity concerns, Cybersecurity News, cybersecurity practices, data exfiltration, Government network breach, Infection mechanism, Malware Analysis, Offlrouter malware Ukraine, proactive cybersecurity measures, VBA macro malware
According to recent reports, certain government networks in Ukraine have been infected with the OfflRouter malware since 2015. The malware has escaped detection for nearly a decade ...

CISA Announces Malware Next-Gen Analysis for Public Access
Rohan Timalsina | cisa, CISA Advisories, CISA Threat Update, Cyber Threats, Cybersecurity, cybersecurity defense strategies, enterprise security, government agencies, Government security, Linux & Open Source News, Malware Analysis, Malware Next-Gen, Malware Next-Generation Analysis, suspicious file
Anyone who has downloaded a file and wondered whether it is safe now has a new option for checking it, thanks to the Cybersecurity and Infrastructure Security Agency (CISA). They’ve ...

BunnyLoader Malware: Modular Features Help Evade Detection
Wajahat Raja | BunnyLoader malware, credential harvesting, cryptocurrency theft, Cybercrime Trends, Cybersecurity News, cybersecurity threats, data theft, Infection chains, Malware Analysis, Malware Detection, Malware evasion tactics, Malware Evolution, Modular malware, Palo Alto Networks Unit 42
A new variant of the BunnyLoader malware has emerged that poses significant challenges for detection and mitigation. It has recently undergone a transformation, ...