all InfoSec news
GitGot: GitHub leveraged by cybercriminals to store stolen data
Malware Analysis, News and Indicators - Latest topics malware.news
In January, ReversingLabs researchers discovered two malicious packages on the npm open source package manager that leveraged the GitHub platform to store stolen Base64 encrypted SSH keys lifted from developer systems that installed the malicious npm packages.
Multiple versions of the malicious npm packages, warbeast2000 and kodiak2k were identified and have since been removed from npm. However, the campaign is just the latest example of cybercriminals and malicious actors using open source package managers and related infrastructure to support malicious …
base64 cybercriminals data developer encrypted github january keys malicious malicious npm malicious packages manager npm open source package package manager packages platform researchers reversinglabs ssh ssh keys stolen store systems