Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be a front for a tool designed to steal saved passwords from the Chrome web browser.
The package in question, named «nodejs_net_server» and downloaded over 1,283 times since February 2019, was last updated seven months ago, with its corresponding repository leading to non-existent locations hosted on GitHub.
While the first version of the package was published just to test the process of publishing an NPM package, the developer, who went by the name of «chrunlee», made revisions to implement remote shell functionality, which was improved over several subsequent versions.
If anything, the development once again exposes the gaps in relying on third-party code hosted on public package repositories as software supply chain attacks become a popular tactic for threat actors to abuse the trust in interconnected IT software to stage increasingly sophisticated security breaches.
«Growing popularity of software package repositories and their ease of use make them a perfect target,» Zanki said.
XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple’s macOS operating system.
«For as low as $49 on the Darknet, hackers can buy licenses for the new malware, enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files,» cybersecurity firm Check Point said in a report shared with The Hacker News.
Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to have infected victims across 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China's special administrative regions, Mexico, Germany, and France.
While the very first Formbook samples were detected in the wild in January 2016, the sale of the malware on underground forums stopped in October 2017, only to be resurrected more than two years later in the form of XLoader in February 2020.
According to statistics released by Check Point earlier this January, Formbook was third among the most prevalent malware families in December 2020, impacting 4% of organizations worldwide.
«XLoader is far more mature and sophisticated than its predecessors, supporting different operating systems, specifically macOS computers,» said Yaniv Balmas, head of cyber research at Check Point. «Historically, macOS malware hasn't been that common. They usually fall into the category of 'spyware', not causing too much damage.»
Several New Critical Flaws Affect CODESYS Industrial Automation Software
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller platform that could be remotely exploited to take control of a company’s cloud operational technology infrastructure.
In a «bottom-up» complex exploit chain devised by Claroty, a mix of CVE-2021-34566, CVE-2021-34567, and CVE-2021-29238 was exploited to obtain remote code execution on the WAGO PLC, which was then used to gain access to the CODESYS WebVisu human-machine interface and stage a cross-site request forgery attack to seize control of the CODESYS automation server instance.
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT