Hacker News with Generative AI: Malware

Exposing Russian EFF Impersonators: The Inside Story on Stealc and Pyramid C2 (hunt.io)
Open directories often expose more than just files--they provide a window into how malicious campaigns operate. In this case, we identified a threat actor impersonating the Electronic Frontier Foundation (EFF) to target the online gaming community. The exposed directory contained decoy documents alongside the malware used in this operation: Steal and Pyramid C2.

Cybersecurity, Malware, Hacking, Russia, EFF

90 points by hn_acker 7 hours ago | 10 comments

Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS (socket.dev)
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.

Cybersecurity, Malware, Go Programming, Linux, macOS

10 points by feross 2 days ago | 1 comments

Notorious Malware, Spam Host "Prospero" Moves to Kaspersky Lab (krebsonsecurity.com)
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Cybersecurity, Malware, Russia, Kaspersky Lab

69 points by todsacerdoti 6 days ago | 26 comments

Kaspersky exposes hidden malware on GitHub stealing personal data (kaspersky.com)
Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and cryptoinvestors within a new campaign that was dubbed by Kaspersky as GitVenom.

Cybersecurity, Malware, GitHub, Open Source, Crypto

172 points by 01-_- 6 days ago | 120 comments

VSCode extensions with 9M installs pulled over security risks (bleepingcomputer.com)
Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code.

Security, VSCode, Malware, Open Source

8 points by akyuu 8 days ago | 0 comments

GitHub Hosting Malware Won't Remove After Report (github.com/UpdaterCisco)

Cybersecurity, Software Development, GitHub, Malware

13 points by vedmed 12 days ago | 9 comments

If you work at GitHub security, you are bad at your job (ycombinator.com)
This is getting to be embarrassing. It’s been almost a week of trying to alert GitHub to multiple spoofed repositories serving malware.

Security, GitHub, Malware

13 points by joshdotsmith 17 days ago | 0 comments

GitHub flooded with malware repos spoofing real projects–no response from GitHub (ycombinator.com)
GitHub is being overrun with repositories impersonating legitimate open-source projects to spread malware. One of them is spoofing my own app. I reported it through GitHub’s official channels days ago, reached out on social media, and even contacted individual GitHub employees. No response.

Cybersecurity, Open Source, GitHub, Malware

15 points by joshdotsmith 20 days ago | 4 comments

Neovim tee.exe binary dependency exhibiting illegitimate / unauthorized behavior (github.com/neovim)
While installing/testing neovim in a Windows 11 sandbox environment for security testing purposes before deploying in a commercial environment, the bundled tee.exe binary was classified as Trojan.Malware.300983.susgen. After doing my due diligence to rule out a false positive, I'm finding that this binary is exhibiting what I would consider suspicious behavior.

Security, Software, Windows, Open Source, Malware

94 points by patadune 21 days ago | 12 comments

Researchers find screenshot-reading OCR malware on App Store and Google Play (engadget.com)
Researchers from Kaspersky have identified malware being distributed within apps on both Android and iOS mobile storefronts.

Cybersecurity, Mobile Security, Malware, Android, iOS

4 points by walterbell 27 days ago | 1 comments

Fake VS Code Extension on NPM Spreads Multi-Stage Malware (mend.io)
In a recent discovery, our research team uncovered a fake VS-code extension—truffelvscode—typosquatting the popular truffle for VS-code extension. This extension serves as a trojan horse for multi-stage malware.

Cybersecurity, Malware, Software, Programming, Development

186 points by tomabai 28 days ago | 98 comments

iPhone apps found on App Store with malware that reads your screenshots for data (9to5mac.com)
One of the promises of the App Store is that anything you download has gone through a vetting process by Apple. Occasionally though, iPhone apps with malicious code slip through the cracks, and today, researchers at Kaspersky have reported on new malware they discovered in App Store apps—which they say is ‘the first known case.’

Security, Mobile Security, Malware, Apple, iOS

19 points by mgh2 28 days ago | 3 comments

OCR Crypto Stealers in Google Play and App Store (securelist.com)
In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users’ image galleries in search of crypto wallet access recovery phrases. The search employed an OCR model which selected images on the victim’s device to exfiltrate and send to the C2 server. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Mobile Security, Malware, Cryptocurrency, OCR, Android

35 points by shifty1 29 days ago | 5 comments

iOS App Store apps with screenshot-reading malware found (theverge.com)
Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today.

Cybersecurity, Malware, Mobile Security, iOS

8 points by hassanahmad 29 days ago | 0 comments

FBI, Dutch police disrupt 'Manipulaters' phishing gang (krebsonsecurity.com)
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan.

Cybersecurity, Law Enforcement, Phishing, Malware

157 points by todsacerdoti 34 days ago | 62 comments

North Korean Apt Lazarus Targets Developers with Malicious NPM Package (socket.dev)
Socket researchers have discovered the malicious npm package postcss-optimizer, which contains code linked to previously documented campaigns conducted by North Korean state-sponsored threat actors known as Contagious Interview, a subgroup within the broader Lazarus Advanced Persistent Threat (APT) group.

Cybersecurity, North Korea, Software Development, Malware, APT

7 points by feross 36 days ago | 0 comments

Proof of concept WMI virus (zero-day) (github.com/pulpocaminante)
Proof of concept WMI virus. Does what it looks like it does. Virus isn't stored on the filsystem (in any way an AV would detect), but within the WMI. Contains PoC code for extracting it from the WMI- which can also be achieved at boot from within the WMI itself using powershell. So, self-extracting WMI virus that never touches the disk.

Cybersecurity, Malware, Windows, WMI

69 points by alberto-m 37 days ago | 20 comments

macOS now identifies Docker as Malware (github.com/docker)
Malware Blocked. “com.docker.socket” was not opened because it contains malware. this action did not harm your Mac.

macOS, Security, Docker, Malware

6 points by cheerioty 37 days ago | 3 comments

FBI remotely wiped Chinese malware from 4k US computers (moonlock.com)
The United States Department of Justice and the FBI announced that they remotely removed Chinese-linked malware from approximately 4,258 US-based computers and networks.

Cybersecurity, Malware, Government, China, Law Enforcement

8 points by alligatorplum 38 days ago | 0 comments

Fake Homebrew site leverages Google ads to target macOS, Linux devices (scworld.com)
Bad actors are using a fake Homebrew site on a Google ads page to distribute infostealer malware that’s targeting macOS and Linux devices.

Cybersecurity, Malware, Linux, macOS, Google Ads

24 points by marcodiego 39 days ago | 1 comments

Backdoor infecting VPNs used "magic packets" for stealth and security (arstechnica.com)
When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders.

Cybersecurity, VPNs, Malware, Security Breaches, Networking

7 points by pitwin 40 days ago | 0 comments

Hacker infects 18,000 "script kiddies" with fake malware builder (bleepingcomputer.com)
A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers.

Cybersecurity, Hacking, Malware, Data Breaches

212 points by emschwartz 41 days ago | 81 comments

High-severity flaw in file archiver 7-Zip requires manual update (scworld.com)
A flaw in the 7-Zip open-source file archiver tool could enable attackers to craft archives that bypass Windows security warnings, potentially tricking targets into launching malware.

Security, Open Source, Software, Malware

17 points by LinuxBender 43 days ago | 8 comments

"Disable JavaScript" extension contains malware (archive.org)
Anyone know what happened? The repo's README suggests that the extension was sold, but it does not say who the new owner is. The extension's website URL still points to this repo and the webstore page was taken down. I skimmed the JS source code on my machine and didn't see anything suspicious, but Chrome's warning is pretty clear:

Security, Malware, Chrome Extensions, Software

3 points by beretguy 45 days ago | 1 comments

Google serving sponsored link to Homebrew site clone with malware (twitter.com)

Cybersecurity, Google, Malware

53 points by carlos-menezes 46 days ago | 27 comments

FBI forces Chinese malware to delete itself from US computers (arstechnica.com)
The FBI said today that it removed Chinese malware from 4,258 US-based computers and networks by sending commands that forced the malware to use its "self-delete" function.

Cybersecurity, Malware, Government, China, United States

7 points by chha 51 days ago | 2 comments

Justice Dept., FBI and International Partners Delete China-Backed Malware (justice.gov)
The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide.

Cybersecurity, Malware, Law Enforcement, International Cooperation

11 points by Signez 51 days ago | 1 comments

USB RJ-45 adapter with malware from Aliexpress (twitter.com)

Cybersecurity, Hardware, Online Shopping, Malware

17 points by jesprenj 53 days ago | 2 comments

Cheap rj45 ethernet to USB adapter contains malware (twitter.com)

Security, Hardware, Malware

32 points by rsecora 53 days ago | 25 comments

Malware detection prevents Docker Desktop to start on macOS (github.com/docker)

Malware, Docker, macOS, Security, Software

4 points by Olshansky 55 days ago | 1 comments