Head of Supply Chain Security Engineering

How 140k NuGet, NPM, and PyPi Packages Were Used to Spread Phishing Links

What Happened? Working Together, Keeping the Ecosystem Safe The ongoing battle against software supply chain attackers continues to be challenging as attackers constantly adapt and surprise with new techniques. In order to better defend against these threats, Checkmarx and Illustria

December 14, 2022

LofyGang – Software Supply Chain Attackers; Organized, Persistent, and Operating for Over a Year

Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”. This attack group has been operating for over a year with multiple hacking objectives: Credit card informationDiscord “Nitro” (premium) upgradesStreaming services accounts (e.g.

October 7, 2022

Typosquatting Campaign Targeting Python’s Top Packages, Dropping GitHub Hosted Malware with DGA Capabilities

On Saturday, August 13th, Checkmarx’s Software Supply Chain Security Typosquatting engine detected a large-scale attack on the Python ecosystem with multi-stage persistent malware. The PyPi user account devfather777 published a dozen malicious Typosquatting packages under the names of popular projects

August 14, 2022

Large Scale Campaign Created Fake GitHub Projects Clones with Fake Commit Added Malware

Today, as it was revealed by Stephen Lacy in his tweet, he shared his findings of a large-scale campaign targeting random GitHub repositories with project clones containing credential stealing malware and remote shell execution on top of the original code.

August 3, 2022

GitHub RepoJacking Weakness Exploited in the Wild by Attackers

A logical flaw in GitHub allows attackers to take control over thousands of repositories, enabling the poisoning of popular open-source packages. This flaw is yet to be fixed and the steps to exploit it were recently published, making it highly

May 27, 2022

Attacker Caught Hijacking Packages Using Multiple Techniques to Steal AWS Credentials

What Happened? Multiple supply chain attacks from the same attacker were reported today by s0md3v. (1) PHP package hautelook/phpass with over 2.5 million installations was hijacked using the RepoJacking technique. (2) Python package “ctx” with over 700,000 downloads was compromised

May 25, 2022

A Beautiful Factory for Malicious Packages

Checkmarx Supply Chain Security (SCS) team has uncovered hundreds of malicious packages attempting to use a dependency confusion attack. Customarily, attackers use an anonymous disposable NPM account from which they launch their attacks. As it seems this time, the attacker

March 28, 2022

Our Response to NPM Account Takeover Attacks – ChainAlert, a Community-Backed Open Source Tool

Recent NPM package takeover incidents such as “coa” and “ua-parser-js” have affected organizations by the thousands and have emphasized the need for a monitoring system, alerting developers and the open source community of suspicious activities that might hint of an

February 8, 2022

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Products

Services

Why Checkmarx

Solutions For

Company

Jossef Harush