Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. Weโve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case โฆ
Analyzing Impala Stealer โ Payload of the first NuGet attack campaign In this blog post, weโll provide a detailed analysis of a malicious payload weโve dubbed โImpala Stealerโ, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign weโve exposed in our previous post. The sophisticated campaign targeted .NET โฆ
Update 2023-03-21 โ Weโve talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically โ there was no public evidence of severe malicious activity in the โฆ
Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them. If you missed the first blog, here are some key takeaways: Third-party software packages contain vulnerabilities or malicious code delivered through โฆ
Welcome to the first post in the malicious software packages series for the DevOps and DevSecOps community. This technical series will focus on various malicious packages and their effects on the software supply chain. Weโll dive deeper into malicious packages in each post, including Defining software supply chain attacks and learning the critical role that malicious โฆ
