all InfoSec news
Smuggling Malware in Test Code
Feb. 20, 2024, 11:11 p.m. | Phylum Research Team
Phylum blog.phylum.io
Phylum continues to discover malware polluting open-source ecosystems. In this blog post, we take a deep-dive into an npm package trying to masquerade as code profiler which actually installs several malicious scripts including a cryptocurrency and credential stealer. Curiously, the attacker attempted to hide the malicious code in a test
attacker blog blog post code credential credential stealer cryptocurrency discover dive ecosystems hide malicious malware npm npm package package phylum research scripts smuggling stealer test
More from blog.phylum.io / Phylum
Compiled Python Files
2 weeks, 2 days ago |
blog.phylum.io
Malicious Go Binary Delivered via Steganography in PyPI
3 weeks, 1 day ago |
blog.phylum.io
Adding Spurious Wheels to PyPI
3 weeks, 1 day ago |
blog.phylum.io
Modern Python Build Hooks
3 weeks, 5 days ago |
blog.phylum.io
Python Package Installation Attacks
1 month, 1 week ago |
blog.phylum.io
Python Trojan Functions and Imports
1 month, 1 week ago |
blog.phylum.io
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC