Malicious Laravel-Lang Packages Deliver Cross-Platform Credential Stealer

A massive wave of malicious Laravel-Lang packages, with over 700 versions released in just two days, has been used to spread a sneaky cross-platform credential stealer. Security researchers warn that multiple PHP packages from the Laravel-Lang organization were compromised, hinting at a large-scale breach of the organization's…

https://osintsights.com/malicious-laravel-lang-packages-deliver-cross-platform-credential-stealer?utm_source=mastodon&utm_medium=social

#MalwareOperations #Laravel #CredentialStealer #Php #SupplyChain


Discover malicious Laravel-Lang packages delivering cross-platform credential stealers and learn how to protect your project - read the details now and take action.

OSINTSights

npm worm Shai-Hulud: Attack of the Clones

The malware authors behind the npm worm Shai-Hulud have published the source code. Now the first clones are appearing.

heise online
Supply-chain attack on TanStack: 42 packages compromised

Numerous TanStack packages on npm have suffered a supply-chain attack, apparently as part of the "Mini Shai-Hulud" attack wave.

heise online

Mini Shai-Hulud Worm Targets Multiple AI, Dev Packages

Meet the Mini Shai-Hulud worm, a sneaky new malware that's infiltrating AI and development packages through a clever supply-chain attack. This malicious code can steal sensitive data from cloud providers, cryptocurrency wallets, and even popular dev tools like GitHub Actions.

https://osintsights.com/mini-shai-hulud-worm-targets-multiple-ai-dev-packages?utm_source=mastodon&utm_medium=social

#SupplyChain #MalwareOperations #CredentialStealer #AiSecurity #Devsecops


Learn how the Mini Shai-Hulud worm targets AI and dev packages, and take immediate action to secure your supply chain with expert guidance now.

OSINTSights

PCPJack Credential Stealer Exploits CVEs to Spread Across Cloud Systems

Meet PCPJack, a sneaky credential stealer that's exploiting vulnerabilities to spread rapidly across cloud systems, swiping sensitive info from services like cloud, finance, and productivity tools. Its operators are after one thing: illicit financial gain.

https://osintsights.com/pcpjack-credential-stealer-exploits-cves-to-spread-across-cloud-systems?utm_source=mastodon&utm_medium=social

#CredentialStealer #CloudSecurity #EmergingThreats #MalwareOperations #CredentialTheft


Learn how PCPJack credential stealer exploits CVEs to spread across cloud systems, stealing sensitive data - protect your infrastructure now with expert security tips.

OSINTSights

Malware Worm Exploits npm Packages to Hijack Developer Tokens

Meet CanisterSprawl, a sneaky self-propagating worm that's compromising npm packages and using stolen developer tokens to spread its reach. This malware goes beyond just stealing credentials, turning one infected environment into a web of additional package compromises.

https://osintsights.com/malware-worm-exploits-npm-packages-to-hijack-developer-tokens?utm_source=mastodon&utm_medium=social

#NpmMalware #SupplyChain #MalwareWorm #CredentialStealer #Canistersprawl


Learn how CanisterSprawl, a self-propagating npm worm, exploits packages to hijack developer tokens and take action now to secure your environment effectively.

OSINTSights

Oh no. Here we go again! Another wave of compromised #npm packages. Check your dependencies! This time it even deletes your home directory, if it does not find any secrets 😱

https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains

And it appears that the worm is quite successful again: https://github.com/search?q=sha1-hulud&type=repositories

#ShaiHulud #Malware #CredentialStealer #SupplyChain #SupplyChainAttack #InfoSec

The threat actors behind Shai Hulud have struck again, hitting Zapier and Ensdomains

A new variant of Shai Hulud has hit Zapier and Ensdomains

Here’s how potent Atomic credential stealer is finding its way onto Macs https://arstechni.ca/Axzs #credentialstealer #malvertising #Security #Biz&IT #atomic #Apple #MacOS #amos

LastPass warns it’s one of the latest to see its well-known brand impersonated.

Ars Technica

Rhadamanthys Stealer has its own web, I had missed that completely.

Yet another sign that the Stealer market is growing, maturing and getting increasingly professional and an important part of the ecosystem.

#ThreatIntelligence #Stealer #CredentialStealer #Malware

#HappyFriday everyone! This week I will wrap up with a #readoftheday from ThreatMon and their coverage of the #ZarazaBot. They provide technical analysis of the #credentialstealer and describe some of its behaviors! Enjoy and Happy Hunting!

Zaraza Bot: The New Russian Credential Stealer
https://threatmon.io/wp-content/uploads/2023/05/Zaraza-Bot_-The-New-Russian-Credential-Stealer.pdf

Notable MITRE ATT&CK TTPs:
TA0009 - Collection:
T1005 - Data from Local System
T1113 - Screen Capture
T1119 - Automated Collection
T1074.001 - Data Staged: Local Data Staging

TA0011 - Command And Control
T1071 - Application Layer Protocol
T1537 - Encrypted Channel

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting