Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
Impersonation attacks mimic trusted people or services to trick users into sharing credentials, sending money, or bypassing security controls.
Search across headline titles and summaries.
Background for this topic.
Impersonation is the deliberate presentation of a person, organization, account, device, or service as another trusted identity. In information security, attackers use stolen credentials, look-alike domains, caller-ID or email spoofing, forged messages, and social engineering to persuade users or systems to accept that false identity. The aim may be account takeover, unauthorized access, fraudulent transactions, or disclosure of sensitive information.
Impersonation commonly targets identity providers, email and messaging systems, help desks, executives, suppliers, and customer-support channels. Useful controls include phishing-resistant multi-factor authentication, least-privilege access, email authentication and domain monitoring, and independent verification of unusual requests—especially changes to payment details or credentials. Detection and response depend on examining authentication logs, device and session context, reported fraudulent messages, and newly registered look-alike domains; compromised accounts should be revoked or reset promptly and impersonated parties notified where appropriate.
Weekly headline count for the current query.
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
Most malicious open source packages now mimic real code rather than rely on typosquatting
Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
Loan phishing operation in Peru is stealing card info by impersonating financial institutions
Chainalysis estimates $17bn will be lost to crypto scams in 2025 as AI takes hold
A cluster of fraudulent domains impersonating Egyptian providers have been identified linked to Smishing Triad operations
Group-IB has uncovered a scam operation impersonating Singapore officials using Google Ads and deepfakes
The Singapore police said Facebook is the top platform for online scams in the country
Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025
Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
A new wave of phishing attacks exploiting Microsoft 365 OAuth tools has been observed impersonating diplomats to steal access codes
New ITRC data reveals identity crimes are down but impersonation scams now account for a third of all scams
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets
A rise in smishing campaigns impersonating toll service providers has been linked to China’s Smishing Triad
Barracuda observed threat actors impersonating the Clop ransomware group via email to extort payments, claiming to have exfiltrated sensitive data
Winos 4.0 malware uses phishing emails to target organizations in Taiwan, Fortinet experts warn
A novel phishing campaign identified by Zimperium targets mobile users with malicious PDFs, impersonating USPS to steal credentials