
Supply-chain attacks on open source software are getting out of hand

Source: Ars Technica

TL;DR (AI generated)

Supply-chain attacks on open source software are escalating, with recent breaches targeting developer accounts and leading to the distribution of malicious packages to users. Security firm Socket reported a supply-chain attack on JavaScript code in the npm repository, where 10 packages from Toptal were infected with malware and downloaded by around 5,000 users before detection. This incident marks the third supply-chain attack on npm observed by Socket in a week. The hackers compromised Toptal's GitHub Organization to publish the malicious packages on npm.


Similar Articles

HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

Unknown attackers breached the website of CPUID, the developer of HWMonitor and CPU-Z, serving users infected files instead of legitimate ones for six hours. The malware aimed to steal browser credentials, particularly from Google Chrome. The breach was fixed, and CPUID's original files were not compromised. Supply chain attacks like this have become more common, with popular tech tools being targeted to distribute malware. Users who downloaded the infected files may have had their systems compromised.

Source: Tom's Hardware

CanisterWorm malware wipes Iranian machines for no apparent reason — sophisticated attack spreads through npm packages and uses ICP canister as control surface

A hacking group named TeamPCP has developed the CanisterWorm malware, which targets Iranian machines and wipes their contents without a clear motive. The malware spreads through npm packages and uses an ICP canister as a control surface, making it a sophisticated and unique attack. The group's previous activities focused on monetary gain, but this latest version of the malware seems to be more about showcasing their capabilities. The attack was initiated through a hack on the Trivy open-source vulnerability scanner software, highlighting the importance of securing software publishing infrastructure. The ICP protocol, which the malware utilizes, has strict security measures in place to prevent unauthorized access and takedowns.

Source: Tom's Hardware

Self-propagating malware poisons open source software and wipes Iran-based machines

A hacking group named TeamPCP is spreading a new self-propagating backdoor and data wiper targeting Iranian machines. The group has been using a worm to compromise cloud-hosted platforms for various malicious activities like data exfiltration, ransomware deployment, extortion, and cryptocurrency mining. TeamPCP recently compromised the Trivy vulnerability scanner through a supply-chain attack and spread potent malware that automatically infects new machines without user interaction. The malware targets npm repository access tokens and creates new versions of packages with malicious code. The worm is controlled by a tamper-proof mechanism using an Internet Computer Protocol-based canister, allowing attackers to constantly change control server URLs.

Source: Ars Technica

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

A new vulnerability called Zombie ZIP allows malware to bypass 95% of antivirus apps by disguising compressed data as uncompressed in ZIP files. This trick evades detection as the data appears as random bytes to antivirus software. The flaw has been exploited in a proof-of-concept Python script that can easily extract malware from corrupted ZIP files. Security experts recommend caution with ZIP files until antivirus solutions catch up with this issue.

Source: Tom's Hardware
