reader comments 12 with 12 posters participating Share this story Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each… Read More: Malicious NPM packages are part of a malware “barrage” hitting… »
Getty Images reader comments 46 with 34 posters participating, including story author Share this story Thousands of networking devices belonging to AT&T Internet subscribers in the US have been infected with newly discovered malware that allows the devices to be used in denial-of-service attacks and attacks on internal networks, researchers said on Tuesday. The device… Read More: Thousands of AT&T customers in the US infected by new… »
reader comments 25 with 20 posters participating Share this story Researchers said they’ve discovered a batch of apps downloaded from Google Play more than 300,000 times before the apps were revealed to be banking trojans that surreptitiously siphoned user passwords and two-factor authentication codes, logged keystrokes, and took screenshots. The apps—posing as QR scanners, PDF… Read More: Google Play apps downloaded 300,000 times stole bank credentials »
reader comments 39 with 30 posters participating Share this story PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the latest reported such incidents threatening the software supply chain. JFrog, a security firm that monitors… Read More: Malware downloaded from PyPI 41,000 times was surprisingly stealthy »
Enlarge / Never put a GriftHorse on your phone. John Lamparsky | Getty Images reader comments 26 with 21 posters participating Share this story Google has taken increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims… Read More: Hundreds of scam apps hit over 10 million Android devices »
reader comments 45 with 33 posters participating Share this story Scammers have been caught using a clever sleight of hand to impersonate the website for the Brave browser and using it in Google ads to push malware that takes control of browsers and steals sensitive data. The attack worked by registering the domain xn--brav-yva[.]com, an… Read More: With help from Google, impersonated Brave.com website pushes malware »
reader comments 95 with 61 posters participating Share this story As many as 1,500 businesses around the world have been infected by highly destructive malware that first struck software maker Kaseya. In one of the worst ransom attacks ever, the malware, in turn, used that access to fell Kaseya’s customers. The attack struck on Friday… Read More: Up to 1,500 businesses infected in one of the worst… »
Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images reader comments 62 with 50 posters participating Share this story Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company’s Play marketplace after researchers said these apps used a sneaky way to steal users’ Facebook login credentials. In a bid to win… Read More: Apps with 5.8 million Google Play downloads stole users’ Facebook… »
reader comments 47 with 39 posters participating Share this story Microsoft gave its digital imprimatur to a rootkit that decrypted encrypted communications and sent them to attacker-controlled servers, the company and outside researchers said. The blunder allowed the malware to be installed on Windows machines without users receiving a security warning or needing to take… Read More: Microsoft digitally signs malicious rootkit driver »
Getty Images reader comments 70 with 58 posters participating Share this story Counterfeit packages downloaded roughly 5,000 times from the official Python repository contained secret code that installed cryptomining software on infected machines, a security researcher has found. The malicious packages, which were available on the PyPI repository, in many cases used names that mimicked… Read More: Ahoy, there’s malice in your repos—PyPI is the latest to… »