A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.
The post Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign appeared first on SecurityWeek.
Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.
The post Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm appeared first on SecurityWeek.
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on SecurityWeek.
Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool
Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm.
The post Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool appeared first on SecurityWeek.
Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine
Gamaredon’s self-propagating LitterDrifter USB worm spreads from Ukraine to the US and other countries.
The post Russia’s LitterDrifter USB Worm Spreads Beyond Ukraine appeared first on SecurityWeek.