all InfoSec news
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
Oct. 12, 2023, 11:05 a.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Key Points
- Throughout September 2023, an attacker executed a targeted campaign via Pypi to draw developers using Alibaba cloud services, AWS, and Telegram to their malicious packages.
- Rather than performing automatic execution, the malicious code within these packages was strategically hidden within functions, designed to trigger only when these functions were called.
- The Attackers leveraged Typosquatting and Starjacking techniques to lure developers to their malicious packages.
- One of the malicious packages, mimicking a popular repo, capitalized on its absence from …
alibaba alibaba cloud attack attacker automatic aws campaign cloud cloud services code developers functions hidden key key points latest malicious malicious packages packages performing points pypi september services supply supply chain supply chain attack telegram trigger
More from malware.news / Malware Analysis, News and Indicators - Latest topics
What the Biggest-Ever Botnet Takedown Means
1 day, 6 hours ago |
malware.news
Nearly 6M WordPress sites may be affected by bugs in 3 plug-ins
1 day, 9 hours ago |
malware.news
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC