Yearlong supply-chain attack targeting security pros steals 390K credentials
Briefly

Datadog determined that MUT-1244 used multiple vectors to spread @0xengine/xmlrpc, including both phishing emails and malicious GitHub repositories that masqueraded as legitimate ones.
The attackers' approach not only exploited vulnerabilities but also used technologies familiar to developers, making the malicious packages more likely to be executed by unsuspecting users.
MUT-1244 showed a high level of professionalism in its execution, but made a critical mistake by leaving behind a phishing email template that exposed its tactics.
Ultimately, the campaign spearheaded by MUT-1244 revealed a sophisticated understanding of both target audiences and exploitation strategies, leading to the theft of 390,000 credentials.
Read at Ars Technica