What Happened? Working Together, Keeping the Ecosystem Safe The ongoing battle against software supply chain attackers remains challenging, as attackers constantly adapt and surprise defenders with new techniques. To better defend against these threats, Checkmarx and Illustria
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”. This attack group has been operating for over a year with multiple hacking objectives:
Credit card information
Discord “Nitro” (premium) upgrades
Streaming services accounts (e.g.
Typosquatting Campaign Targeting Python’s Top Packages, Dropping GitHub Hosted Malware with DGA Capabilities
On Saturday, August 13th, Checkmarx’s Software Supply Chain Security typosquatting engine detected a large-scale attack on the Python ecosystem with multi-stage persistent malware. The PyPI user account devfather777 published a dozen malicious typosquatting packages under the names of popular projects
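To make the detection idea behind a typosquatting engine concrete, here is an added example (written for this page, not Checkmarx's engine or any code from the campaign). It normalises a candidate package name the way PyPI does (PEP 503: lowercase, runs of `-`, `_` and `.` collapsed to `-`) and compares it against a constructed list of popular project names using Damerau-Levenshtein distance, which counts the single-character insertions, deletions, substitutions and adjacent swaps that typosquats rely on. The `POPULAR` list, the `max_distance` threshold and the function names are assumptions for illustration; a real engine would use a current top-N list and tune the threshold, since very short names produce false positives at distance 2.

```python
"""Minimal typosquat detector for Python package names (added example).

Constructed illustration, not Checkmarx's engine: a candidate name is
normalised per PEP 503 and compared against a small constructed list of
popular PyPI project names using Damerau-Levenshtein distance.
"""
import re

# Constructed sample of popular project names (assumption, not a real top-N list).
POPULAR = ["requests", "urllib3", "numpy", "setuptools", "colorama", "pillow"]


def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def damerau_levenshtein(a: str, b: str) -> int:
    """Restricted Damerau-Levenshtein (optimal string alignment) distance.

    Counts insertions, deletions, substitutions and adjacent transpositions.
    """
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,        # deletion
                d[i][j - 1] + 1,        # insertion
                d[i - 1][j - 1] + cost,  # substitution / match
            )
            # adjacent transposition, e.g. "nmupy" vs "numpy"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[la][lb]


def typosquat_target(candidate: str, popular=POPULAR, max_distance: int = 2):
    """Return the popular name that `candidate` most likely imitates, or None.

    An exact match after normalisation is the legitimate package itself and is
    not reported as a squat.
    """
    cand = normalize(candidate)
    best = None
    for name in popular:
        target = normalize(name)
        if target == cand:
            return None
        dist = damerau_levenshtein(cand, target)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (name, dist)
    return best[0] if best else None


if __name__ == "__main__":
    for name in ["requets", "nmupy", "colourama", "Requests", "django"]:
        print(f"{name!r:12} -> {typosquat_target(name)}")
```

Run as a script it flags `requets`, `nmupy` and `colourama` as imitations of `requests`, `numpy` and `colorama`, while `Requests` (the legitimate package after normalisation) and `django` (not close to anything in the list) are not flagged.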
Today, Stephen Lacy revealed in a tweet his findings on a large-scale campaign targeting random GitHub repositories with project clones that carry credential-stealing malware and remote shell execution on top of the original code.
A logical flaw in GitHub allows attackers to take control over thousands of repositories, enabling the poisoning of popular open-source packages. This flaw is yet to be fixed and the steps to exploit it were recently published, making it highly
What Happened? Multiple supply chain attacks from the same attacker were reported today by s0md3v. (1) PHP package hautelook/phpass with over 2.5 million installations was hijacked using the RepoJacking technique. (2) Python package “ctx” with over 700,000 downloads was compromised
Checkmarx Supply Chain Security (SCS) team has uncovered hundreds of malicious packages attempting to use a dependency confusion attack. Typically, attackers use an anonymous disposable NPM account from which they launch their attacks. This time, however, it seems the attacker
Recent NPM package takeover incidents such as “coa” and “ua-parser-js” have affected thousands of organizations and have emphasized the need for a monitoring system that alerts developers and the open source community to suspicious activities that might hint at an