all InfoSec news
Fake 'distube-config' npm package drops Windows info-stealing malware
Jan. 24, 2024, 3:08 p.m. | Ax Sharma
Sonatype Blog blog.sonatype.com
Sonatype has identified two npm packages distube-config and discordyt that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan. Our security researcher, Juan Aguirre, who analyzed the malware shares some insights.
config discord drops fake infect info info-stealing malware insights malware modules npm npm package open source open source packages package packages researcher security security researcher sonatype stealing trojan vulnerabilities windows
More from blog.sonatype.com / Sonatype Blog
Sonatype Lifecycle best practices: InnerSource
3 days, 4 hours ago |
blog.sonatype.com
A guide for open source software (OSS) security
1 week, 1 day ago |
blog.sonatype.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368
@ Allen Integrated Solutions | Chantilly, Virginia, United States
Consultant Sécurité SI H/F Gouvernance - Risques - Conformité
@ Hifield | Sèvres, France
Infrastructure Consultant
@ Telefonica Tech | Belfast, United Kingdom