60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
Kirill Boychenko
Surveillance Malware Hidden in npm and PyPI Packages Targets Developers with Keyloggers, Webcam Capture, and Credential Theft
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
npm 'is' Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
North Korean threat actors linked to the Contagious Interview campaign return with 35 new malicious npm packages using a stealthy multi-stage malware loader.
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise blockchain and cryptocurrency development environments.
Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam's Telegram ban.
Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.
60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign
Socket's Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord webhook.
Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character Hex Strings
Malicious Koishi plugin silently exfiltrates messages with hex strings to a hardcoded QQ account, exposing secrets in chatbots across platforms.
Topics
.NET AI Security Backdoor BeaverTail Blockchain Botnet Brandjacking Brazil Brute Force Bulletproof Hosting CanisterWorm Chrome Clipper Cloudflare Composer Contagious Interview crates.io Credential Stuffing Critical Infrastructure Crypto Drainer Cryptocurrency Cryptojacker Cryptomining Cursor Cybercrime Dark Web Dependency Confusion Developer Compromise Disinformation Docker Evilginx Exploit Kit Extensions Extortionware Facebook Fraud GitHub Actions GlassWorm Gmail Go Go Modules Google Google Drive Hacktivism HashiCorp Healthcare HexEval Homoglyphs Human Trafficking Impersonation Influence Operations Infostealer Initial Access Brokers InvisibleFerret Java JavaScript Keylogger LinkedIn Loader Maven Central Meta Microsoft Money Laundering Monkey Patching NATO North Korea npm NuGet OAST Obfuscation Open VSX OpenClaw OtterCookie Packagist Phishing PHP Piracy PyPI Python Ransomware RAT Ruby RubyGems Russian Link Rust RustSec SANDWORM_MODE Shai-Hulud Slopsquatting Smart Contracts Social Engineering South Korea Spam Spearphishing Surveillance TeamPCP TruffleHog Typosquatting Türkiye Underground Economy Vietnam VS Code Wagemole Webhook Worm XMRig XORIndex