This Infostealer has a Lethal Sting for Python Developers


Checkmarx cybersecurity researchers discovered over two dozen malicious packages on PyPI, a popular repository for Python developers, and published their findings in a new report.

These malicious packages, which are designed to look almost identical to legitimate ones, attempt to dupe inexperienced developers into downloading and installing the wrong one, thereby spreading malware. The practice is known as typosquatting, and it is widely used by cybercriminals who target software developers. 
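A defender-side check for the typosquatting described above, added here as an example and not part of the Checkmarx report: it normalizes each requested package name and flags any that sit within one edit (including an adjacent-letter swap, the most common typo) of a well-known name. The list of well-known packages is a constructed sample; in practice seed it from your own dependency allowlist.

```python
"""Flag requested PyPI package names that are near-misses of well-known ones."""
import re

# Constructed sample of well-known names; replace with your real allowlist.
POPULAR = {"requests", "numpy", "pandas", "colorama", "urllib3", "pillow"}


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein distance: insert, delete, substitute, adjacent swap."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[-1][j] + 1, cur[j - 1] + 1, rows[-1][j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "reqeusts" vs "requests".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[-2][j - 2] + 1)
            cur.append(cost)
        rows.append(cur)
    return rows[-1][-1]


def typosquat_suspects(name: str, max_distance: int = 1) -> list:
    """Popular names the requested one is suspiciously close to (but not equal to)."""
    n = normalize(name)
    if n in POPULAR:
        return []
    return sorted(p for p in POPULAR if edit_distance(n, p) <= max_distance)


def check_requirements(lines) -> dict:
    """Parse requirements-style lines and map each suspect name to its likely target."""
    findings = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        name = re.split(r"[=<>!~\[ ;]", line, 1)[0]  # strip version specifiers/extras
        hits = typosquat_suspects(name)
        if hits:
            findings[name] = hits
    return findings
```

Run `check_requirements` over a requirements file before `pip install` and block the install when it returns anything; exact matches of the allowlist are never flagged.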

The attackers use two distinct methods to conceal the malware: steganography and polymorphism. Steganography is the practice of concealing code within an image, allowing threat actors to spread malicious code via seemingly innocent .JPGs and .PNGs. Polymorphic malware, on the other hand, changes the payload with each installation, allowing it to avoid detection by antivirus software and other cybersecurity solutions.

These techniques were used by the attackers to deliver WASP, an infostealer capable of stealing people's Discord accounts, passwords, cryptocurrency wallet information, credit card data, and any other information on the victim's endpoint that the attacker deems interesting.

When the data is identified, it is returned to the attackers via a hard-coded Discord webhook address. The campaign appears to be a marketing ploy, as researchers discovered threat actors advertising the tool on the dark web for $20 and claiming that it is undetectable.

Furthermore, the researchers believe this is the same group that was behind a similar attack reported earlier this month by Phylum and Check Point researchers. It was previously stated that a group known as Worok had been distributing DropBoxControl, a custom .NET C# infostealer that uses Dropbox file hosting for communication and data theft, since at least September 2022.

Worok, based on its toolkit, is thought to be the work of a cyberespionage group that operates quietly, moves laterally across target networks, and steals sensitive data. It also appears to be using its own, proprietary tools, as no one else has been observed using them.

Classified NATO Documents Stolen from Portugal, Now Sold on Darkweb


The Portuguese Armed Forces General Staff Agency (EMGFA) was reportedly the victim of a cyberattack that resulted in the theft of classified NATO documents, which are now being sold on the dark web. 

EMGFA is the government agency in charge of controlling, planning, and operating Portugal's armed forces. The agency only discovered it had been hacked after hackers posted samples of the stolen material on the dark web, offering to sell the files to interested parties. 

American cyber-intelligence agents discovered the sale of stolen documents and notified the US embassy in Lisbon, which alerted the Portuguese government of the data breach. A team of experts from the National Security Office (GNS) and Portugal's national cybersecurity centre was immediately dispatched to EMGFA to carry out a complete screening of the body's entire network.

The story was first reported by the local news outlet Diario de Noticias, which claims to have confirmed the accuracy of the information through anonymous sources close to the ongoing investigations. According to these sources, the leaked documents are of "extreme gravity," and their dissemination could jeopardise the country's credibility in the military alliance.

“It was a cyberattack prolonged in time and undetectable, through bots programmed to detect this type of documents, which were later removed in several stages,” stated one of DN’s sources.

EMGFA's computers are air-gapped, but the exfiltration used standard non-secure lines. As a result, the investigation's first conclusion is that the top military body violated its operational security rules at some point. As of today, no official statement has been issued by the Portuguese government on the subject, but the political opposition is increasing pressure for a briefing in response to DN's report.

Many members of parliament expressed surprise after learning that classified military documents were being sold on the internet and that the country's intelligence services had failed to detect such a critical breach. As a result, they asked the chairman of the parliamentary defence committee, Marcos Perestrello, to intervene and schedule hearings on the incident as soon as possible.