Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Kirill Boychenko
Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy
Socket researchers uncovered a malicious PyPI package exploiting Deezer's API to enable coordinated music piracy through API abuse and C2 server control.
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
North Korean APT Lazarus Targets Developers with Malicious npm Package
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor Allowing Remote Code Execution
Socket researchers found a malicious Maven package impersonating the legitimate 'XZ for Java' library, introducing a backdoor for remote code execution.
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Topics
.NET AI Security Backdoor BeaverTail Blockchain Botnet Brandjacking Brazil Brute Force Bulletproof Hosting Chrome Clipper Cloudflare Contagious Interview crates.io Credential Stuffing Critical Infrastructure Crypto Drainer Cryptocurrency Cryptojacker Cryptomining Cursor Cybercrime Dark Web Dependency Confusion Developer Compromise Disinformation Evilginx Exploit Kit Extensions Extortionware Facebook Fraud GitHub Actions GlassWorm Gmail Go Go Modules Google Hacktivism Healthcare HexEval Homoglyphs Human Trafficking Impersonation Influence Operations Infostealer Initial Access Brokers InvisibleFerret Java JavaScript Keylogger LinkedIn Loader Maven Central Meta Microsoft Money Laundering Monkey Patching NATO North Korea npm NuGet OAST Obfuscation Open VSX OpenClaw OtterCookie Phishing Piracy PyPI Python Ransomware RAT Ruby RubyGems Russian Link Rust RustSec SANDWORM_MODE Shai-Hulud Slopsquatting Smart Contracts Social Engineering South Korea Spam Spearphishing Surveillance TruffleHog Typosquatting Türkiye Underground Economy Vietnam VS Code Wagemole Worm XMRig XORIndex