Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.
A new malware campaign has been observed built on seven npm packages and using cloaking techniques and fake CAPTCHAs, operated by threat actor dino_reborn
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites
Also: Hackers Use Ethereum Smart Contracts to Hide Malicious npm CodeSwissBorg $41M hack, hidden malicious npm code, sanctions on Southeast Asian networks, California launderer's sentencing, Kinto's shuttering, Venus Protocol pays back victim, Nemo Protocol hack, DOJ's $5M recovery effort, Lagarde's proposed rules and the SEC-CFTC plan for market clarity.
Miscreants cost victims time rather than money During the two-hour window on Monday in which hijacked npm versions were available for download, malware-laced packages reached one in 10 cloud environments, according to Wiz researchers. But crypto-craving crims did little more than annoy defenders.…
Also: Hackers Use npm Packages, MassJacker Malware and Fake $TrumpThis week, Garantex admin arrested, hackers used npm packages to steal crypto data and deployed MassJacker malware to steal coins, infected victims with $Trump lures. Also, U.S. authorities seized hacked Ripple funds and a California warning about scams.
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol
NPM repo hijacked after former worker phished Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims.…
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets