Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Jun 14, 2025Ravie LakshmananMalware / Threat Intelligence A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets." The issue with Discord's invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites. Details of the campaign come a little over a month after the cybersecurity company revealed another sophisticated phishing campaign that hijacked expired vanity invite links to entice users into joining a Discord server and instruct them to visit a phishing site to verify ownership, only to have their digital assets drained upon connecting their wallets. While users can create temporary, permanent, or custom (vanity) invite links on Discord, the platform prevents other legitimate servers from reclaiming a previously expired or deleted invite. However, Check Point found that creating custom invite links allows the reuse of expired invite codes and even deleted permanent invite codes in some cases. This ability to reuse Discord expired or deleted codes when creating custom vanity invite links opens the door to abuse, allowing attackers to claim it for their malicious server. "This creates a serious risk: Users who follow previously trusted invite links (e.g., on websites, blogs, or forums) can unknowingly be redirected to fake Discord servers created by threat actors," Check Point said. The Discord invite-link hijacking, in a nutshell, involves taking control of invite links originally shared by legitimate communities and then using them to redirect users to the malicious server. Users who fall prey to the scheme and join the server are asked to complete a verification step in order to gain full server access by authorizing a bot, which then leads them to a fake website with a prominent "Verify" button. This is where the attackers take the attack to the next level by incorporating the infamous ClickFix social engineering tactic to trick users into infecting their systems under the pretext of verification. Specifically, clicking the "Verify" button surreptitiously executes JavaScript that copies a PowerShell command to the machine's clipboard, after which the users are urged to launch the Windows Run dialog, paste the already copied "verification string" (i.e., the PowerShell command), and press Enter to authenticate their accounts. But in reality, performing these steps triggers the download of a PowerShell script hosted on Pastebin that subsequently retrieves and executes a first-stage downloader, which is ultimately used to drop AsyncRAT and Skuld Stealer from a remote server and execute them. At the heart of this attack lies a meticulously engineered, multi-stage infection process designed for both precision and stealth, while also taking steps to subvert security protections through sandbox security checks. AsyncRAT, which offers comprehensive remote control capabilities over infected systems, has been found to employ a technique called dead drop resolver to access the actual command-and-control (C2) server by reading a Pastebin file. The other payload is a Golang information stealer that's downloaded from Bitbucket. It's equipped to steal sensitive user data from Discord, various browsers, crypto wallets, and gaming platforms. Skuld is also capable of harvesting crypto wallet seed phrases and passwords from the Exodus and Atomic crypto wallets. It accomplishes this using an approach called wallet injection that replaces legitimate application files with trojanized versions downloaded from GitHub. It's worth noting that a similar technique was recently put to use by a rogue npm package named pdf-to-office. The attack also employs a custom version of an open-source tool known as ChromeKatz to bypass Chrome's app-bound encryption protections. The collected data is exfiltrated to the miscreants via a Discord webhook. The fact that payload delivery and data exfiltration occur via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord allows the threat actors to blend in with normal traffic and fly under the radar. Discord has since disabled the malicious bot, effectively breaking the attack chain. Check Point said it also identified another campaign mounted by the same threat actor that distributes the loader as a modified version of a hacktool for unlocking pirated games. The malicious program, also hosted on Bitbucket, has been downloaded 350 times. It has been assessed that the victims of these campaigns are primarily located in the United States, Vietnam, France, Germany, Slovakia, Austria, the Netherlands, and the United Kingdom. The findings represent the latest example of how cybercriminals are targeting the popular social platform, which has had its content delivery network (CDN) abused to host malware in the past. "This campaign illustrates how a subtle feature of Discord's invite system, the ability to reuse expired or deleted invite codes in vanity invite links, can be exploited as a powerful attack vector," the researchers said. "By hijacking legitimate invite links, threat actors silently redirect unsuspecting users to malicious Discord servers." "The choice of payloads, including a powerful stealer specifically targeting cryptocurrency wallets, suggests that the attackers are primarily focused on crypto users and motivated by financial gain." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

May 26, 2025Ravie LakshmananCybersecurity / Cryptocurrency As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that's triggered during npm install, Socket security researcher Kirill Boychenko said in a report published last week. The libraries have been collectively downloaded over 3,000 times. "The script targets Windows, macOS, or Linux systems, and includes basic sandbox‑evasion checks, making every infected workstation or continuous‑integration node a potential source of valuable reconnaissance," the software supply chain security firm said. The names of the three accounts, each of which published 20 packages within an 11-day time period, are listed below. The accounts no longer exist on npm - bbbb335656 cdsfdfafd1232436437, and sdsds656565 The malicious code, per Socket, is explicitly designed to fingerprint every machine that installs the package, while also aborting the execution if it detects that it's running in a virtualized environment associated with Amazon, Google, and others. The harvested information, which includes host details, system DNS servers, network interface card (NIC) information, and internal and external IP addresses, is then transmitted to a Discord webhook. "By harvesting internal and external IP addresses, DNS servers, usernames, and project paths, it enables a threat actor to chart the network and identify high‑value targets for future campaigns," Boychenko said. The disclosure follows another set of eight npm packages that masquerade as helper libraries for widely-used JavaScript frameworks including React, Vue.js, Vite, Node.js, and the open-source Quill Editor, but deploy destructive payloads once installed. They have been downloaded more than 6,200 times and are still available for download from the repository - vite-plugin-vue-extend quill-image-downloader js-hood js-bomb vue-plugin-bomb vite-plugin-bomb vite-plugin-bomb-extend, and vite-plugin-react-extend "Masquerading as legitimate plugins and utilities while secretly containing destructive payloads designed to corrupt data, delete critical files, and crash systems, these packages remained undetected," Socket security researcher Kush Pandya said. Some of the identified packages have been found to execute automatically once developers invoke them in their projects, enabling recursive deletion of files related to Vue.js, React, and Vite. Others are designed to either corrupt fundamental JavaScript methods or tamper with browser storage mechanisms like localStorage, sessionStorage, and cookies. Another package of note is js-bomb, which goes beyond deleting Vue.js framework files by also initiating a system shutdown based on the current time of the execution. The activity has been traced to a threat actor named xuxingfeng, who has also published five legitimate, non-malicious packages that work as intended. Some of the rogue packages were published in 2023. "This dual approach of releasing both harmful and helpful packages creates a facade of legitimacy that makes malicious packages more likely to be trusted and installed," Pandya said. The findings also follow the discovery of a novel attack campaign that combines traditional email phishing with JavaScript code that's part of a malicious npm package disguised as a benign open-source library. "Once communication was established, the package loaded and delivered a second-stage script that customized phishing links using the victim's email address, leading them to a fake Office 365 login page designed to steal their credentials," Fortra researcher Israel Cerda said. The starting point of the attack is a phishing email containing a malicious .HTM file, which includes encrypted JavaScript code hosted on jsDelivr and associated with a now-removed npm package named citiycar8. Once installed, the JavaScript payload embedded within the package is used to initiate a URL redirection chain that eventually leads the user to a bogus landing page designed to capture their credentials. "This phishing attack demonstrates a high level of sophistication, with threat actors linking technologies such as AES encryption, npm packages delivered through a CDN, and multiple redirections to mask their malicious intentions," Cerda said. "The attack not only illustrates the creative ways that attackers attempt to evade detection but also highlights the importance of vigilance in the ever-evolving landscape of cybersecurity threats." The abuse of open-source repositories for malware distribution has become a tried-and-tested approach for conducting supply chain attacks at scale. In recent weeks, malicious data-stealing extensions have also been uncovered in Microsoft's Visual Studio Code (VS Code) Marketplace that are engineered to siphon cryptocurrency wallet credentials by targeting Solidity developers on Windows. The activity has been attributed by Datadog Security Research to a threat actor it tracks as MUT-9332. The names of the extensions are as follows - solaibot among-eth, and blankebesxstnion "The extensions disguise themselves as legitimate, concealing harmful code within genuine features, and use command and control domains that appear relevant to Solidity and that would not typically be flagged as malicious," Datadog researchers said. "All three extensions employ complex infection chains that involve multiple stages of obfuscated malware, including one that uses a payload hidden inside an image file hosted on the Internet Archive." Specifically, the extensions were advertised as offering syntax scanning and vulnerability detection for Solidity developers. While they offer genuine functionality, the extensions are also designed to deliver malicious payloads that steal cryptocurrency wallet credentials from victim Windows systems. The three extensions have since been taken down. The end goal of the VS Code extension is to slip a malicious Chromium-based browser extension that's capable of plundering Ethereum wallets and leaking them to a command-and-control (C2) endpoint. It's also equipped to install a separate executable that disables Windows Defender scanning, scans application data directories for Discord, Chromium-based browsers, cryptocurrency wallets, and Electron applications, and retrieves and executes an additional payload from a remote server. MUT-9332 is also assessed to be behind a recently disclosed campaign that involved the use of 10 malicious VS Code extensions to install an XMRig cryptominer by passing off as coding or artificial intelligence (AI) tools. "This campaign demonstrates the surprising and creative lengths to which MUT-9332 is willing to go when it comes to concealing their malicious intentions," Datadog said. "These payload updates suggest that this campaign will likely continue, and the detection and removal of this first batch of malicious VS Code extensions may prompt MUT-9332 to change tactics in subsequent ones." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Acurast has raised $5.4 million to use smartphones to power a global decentralized cloud computing network. The company raised the money in a community led investment round by premier cryptocurrency launchpad CoinList. The sale concluded on May 22, 2025, with Acurast’s ACU token priced at nine cents, resulting in a fully diluted valuation of $90 million.“Most of the newly raised capital will be used to enhance our protocol, which continues proving that compute can be verifiable, confidential, energy-efficient, and truly decentralised, powered by the phones in our pockets,” said Alessandro De Carli, president of the board and cofounder of Acurast, in a statement.Acurast has raised $5.4 million. Acurast enables users to participate in confidential compute tasks, decentralized AI, and blockchain infrastructure, all while earning rewards by leveraging the processing power of smartphones. The protocol transforms everyday phones into secure, decentralized compute nodes, powering a global networkspanning over 130 countries.Acurast has onboarded over 72,000 smartphones, or “compute units,” worldwide onto its decentralized testnet with over 256 million transactions, making it the most decentralized and verifiable computenetwork available today, eliminating the need for centralized data centers. Acurast utilizes Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) of the mobile phones to ensure secure and scalable compute, while maintaining confidentiality without requiring trust in the device owner. “The ACU token lies at the heart of this economy. Acurast allows anyone and everyone to run compute with their mobile phones, providing real decentralisation, and become stakeholders in the networkpowering a secure, scalable and decentralised computer economy while incentivising activecollaboration and sustainable growth,” said De Carli.Over 300 websites and games were created on Acurast in the last 24 hours using just a prompt with Vibe Code and Deploy — live instantly on a decentralized network powered by phones. Acurast’s high-performance Proof of Stake blockchain orchestrates global demand and supply for secure decentralized compute, without centralized data centers. This chain verifies genuine hardware on-chain with Smartphone manufacture attestations and anchors confidential workloads, ensuring trustless and verifiable execution across billions of smartphones. Acurast’s Android and iOS apps offer end-to-end checks of each phone’s secure elements, delivering unstoppable trustless compute at scale. Acurast is creating a global decentralized cloud using smartphones in 130 countries. Acurast delivers a next-generation decentralized confidential compute platform, purpose-built for the demands of web3, AI, and beyond. Developers can seamlessly deploy and scale JavaScript, TypeScript, Node.js, and WASM workloads via a simple CLI, with access to thousands of NPM packages and deep integration across major ecosystems. Centered on openness, composability, and decentralization, Acurast forms the foundational layer for the decentralized compute economy, unlocking mass adoption and enabling unprecedented innovation for web3 and beyond. ACU tokens have a total supply of 1,000,000,000 tokens at genesis with the token utility being around network fees, settlement layers, staking and governance. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured.

A total of 60 packages were recently removed from NPM.