T1071.001 13

• 5 Malicious Rust Crates Posed as Time Utilities to Exfiltrate .env Files Mar 10, 2026
• Malicious Go "crypto" Module Steals Passwords and Deploys Rekoobe Backdoor Feb 26, 2026
• Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds Feb 13, 2026
• PyPI Package Impersonates SymPy to Deliver Cryptomining Malware Jan 21, 2026
• Malicious Chrome Extension Steals MEXC API Keys for Account Takeover Jan 12, 2026
• Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys Sep 24, 2025
• Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram Aug 21, 2025
• Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS May 7, 2025
• The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials Apr 22, 2025
• Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy Feb 25, 2025
• North Korean APT Lazarus Targets Developers with Malicious npm Package Jan 29, 2025
• Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts Dec 20, 2024
• Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft Nov 27, 2024