New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
April 10, 2024, 11:05 a.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware.
Key Points
- GitHub search manipulation: Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.
- Malicious code is often hidden within Visual Studio project files (.csproj or .vcxproj) to evade detection, automatically executing when the project is built.
- The attacker had set up the stage …
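
A defender-side check for the second key point, added here as an example and not taken from the original report: it lists every command a Visual Studio project file would run at build time, so the file can be reviewed before the project is built. It assumes the command sits in one of MSBuild's standard build-event elements or an `Exec` task (the page does not say which element the campaign used); `build_commands`, `EVENT_TAGS` and the sample projects are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for hostile XML, defusedxml.ElementTree is a hardened drop-in

# MSBuild elements whose content is run as a shell command during a build.
EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}

def local(tag):
    """Drop the XML namespace that older-style project files declare."""
    return tag.rsplit("}", 1)[-1]

def build_commands(project_xml):
    """Return (element path, command) for everything that runs at build time."""
    found = []
    def walk(node, parents):
        name = local(node.tag)
        text = (node.text or "").strip()
        where = "/".join(parents + [name])
        if name in EVENT_TAGS and text:                      # .csproj property form
            found.append((where, text))
        elif name == "Command" and parents and parents[-1] in EVENT_TAGS and text:
            found.append((where, text))                      # .vcxproj form
        elif name == "Exec" and node.get("Command"):         # Exec task inside a Target
            found.append((where, node.get("Command")))
        for child in node:
            walk(child, parents + [name])
    walk(ET.fromstring(project_xml), [])
    return found

# Constructed samples; the commands are harmless placeholders.
SAMPLE_CSPROJ = """<Project>
  <PropertyGroup>
    <PreBuildEvent>echo constructed-prebuild</PreBuildEvent>
  </PropertyGroup>
  <Target Name="Prep" BeforeTargets="Build">
    <Exec Command="echo constructed-exec" />
  </Target>
</Project>"""

SAMPLE_VCXPROJ = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <PreBuildEvent>
      <Command>echo constructed-vcx</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
</Project>"""

if __name__ == "__main__":
    for label, xml in (("csproj", SAMPLE_CSPROJ), ("vcxproj", SAMPLE_VCXPROJ)):
        for where, cmd in build_commands(xml):
            print(f"{label}: {where}: {cmd}")
```

Any non-empty result from a freshly cloned repository is worth reading in full before the first build, since these commands run with the developer's privileges.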