PyPI suspends registrations amid malware attack

The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign. This move comes as security researchers at Checkmarx uncovered a campaign involving multiple malicious packages related to the same threat actors.

The attackers are targeting victims through typosquatting attacks, tricking users into installing malicious Python packages through their command-line interface. This multi-stage attack aims to steal...

GitHub suffers from over 100K infected repos

Developers face a major security threat as over 100,000 repositories on GitHub are infected with malicious code.

This resurgence of a malicious repo confusion campaign – detected by Apiiro’s security researchers – has impacted countless developers who unwittingly use repositories they believe to be trusted but are, in fact, compromised.

Similar to dependency confusion attacks – which exploit package managers – repo confusion attacks rely on human error,...

Android finally checks sideloaded apps for malware before installs

In response to growing cyber threats, Google has introduced an update to bolster Android security. This enhancement focuses on strengthening malware detection before app installations, ensuring a safer Android ecosystem.

With this update, Google Play Protect now conducts real-time scans at the code-level during the app installation process:

By providing users with immediate feedback about the safety of the apps they are installing, Google empowers its users to make...

Clipper malware found in over 451 PyPI packages

Phylum security researchers have discovered over 451 packages on the Python Package Index (PyPI) that are infected with “clipper” malware.

Clippers replace the contents of a victim’s clipboard with something which benefits the attacker. The most prevalent clippers today look for cryptocurrency addresses and modify them to steal funds.

Starting on February 9th, Phylum was alerted by its automated risk detection platform to a long series of suspicious publications to...

Malware campaign targets official Python and JavaScript repos

An active malware campaign is targeting official Python and JavaScript repositories.

Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package.

Typosquats take advantage of simple typos to install malicious packages.

In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests,...

Syntax error breaks KmsdBot cryptomining botnet

A syntax error broke an otherwise advanced cryptomining botnet called KmsdBot.

The malware, which could also be used for distributed denial-of-service (DDoS) attacks, was discovered by Akamai Security Research.

Akamai’s researchers witnessed the authors “accidentally crash” KmsdBot after observing the malware stopped sending attack commands after receiving:

!bigdata www.bitcoin.com443 / 30 3 3 100 

The lack of a space between the website and the...

Cyber Security & Cloud Expo: Examining the 2022 malware landscape

Geopolitical tensions and the largest war in Europe for decades have defined the malware landscape in 2022.

Recorded Future has been capturing global threat information from the internet, dark web, and technical sources for over a decade. The firm combines this vast amount of data with AI and human expertise to spot threats early and provide actionable insights to security professionals.

Toby Wilmington, Manager - Sales Engineering at Recorded Future, provided his...

Apple letter urges lawmakers to reject sideloading bill

Apple has written a letter urging lawmakers to reject a bill that would force the company to allow any apps to be installed on its mobile operating systems.

The letter, addressed to Senate Judiciary Chair Dick Durbin and Republican Chuck Grassley, claims the proposed bill will hurt user privacy and security if passed.

In question is the S. 2710 bill that would allow software downloaded from the web or other sources to be “sideloaded” on iOS.

“Sideloading...

Play Store’s AI security blocks almost one million policy-violating apps

Google’s AI-powered Play Store security has blocked almost one million policy-violating apps from reaching users.

In a blog post, Google detailed what it’s been doing to protect the billions of Android users and millions of developers creating apps for the world’s largest mobile platform.

2020 was a year when many of us made sacrifices to our freedoms to protect not just ourselves, but those around us. Unfortunately, criminals sought to take advantage of more...

Report: Developing markets are suffering a mobile malware pandemic

Anti-fraud platform Secure-D has released a report highlighting the mobile malware pandemic that developing markets are suffering.

The report is based on Secure-D’s processing of one billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets, helping to protect a total of almost 840 million users.  

Secure-D detected 46,000 malicious apps; with around one in six (16%) mobile devices in emerging markets carrying at least...