#malware-campaign

Software development
from InfoWorld
6 days ago

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Malicious VS Code extensions impersonate legitimate developer tools like ESLint, Prettier, and AI coding assistants to infiltrate systems through the Open VSX marketplace.
Information security
from The Hacker News
6 days ago

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Russian-linked threat actors deployed DRILLAPP, a JavaScript-based backdoor targeting Ukrainian entities through judicial and charity-themed lures, exploiting Edge browser features for surveillance and file manipulation.
Information security
from The Hacker News
1 week ago

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign escalates by using extension dependencies to turn benign-looking packages into malware delivery vehicles after establishing user trust.
Information security
from The Hacker News
2 weeks ago

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

A multi-stage malware campaign called VOID#GEIST uses obfuscated batch scripts to deliver encrypted RAT payloads including XWorm, AsyncRAT, and Xeno RAT through fileless execution techniques.
from The Hacker News
2 weeks ago

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

Dust Specter used randomly generated URI paths for command-and-control (C2) communication with checksum values appended to the URI paths to ensure that these requests originated from an actual infected system. The C2 server also utilized geofencing techniques and User-Agent verification.
Information security
Information security
from SecurityWeek
2 weeks ago

North Korean APT Targets Air-Gapped Systems in Recent Campaign

APT37 deployed five new malicious tools in the Ruby Jumper campaign targeting air-gapped systems using USB-based data exfiltration and persistence mechanisms.
from BleepingComputer
3 weeks ago

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team says that the attacker created fake web app projects built with Next.js and disguised them as coding projects to share with developers during job interviews or technical assessments. The researchers initially identified a repository hosted on the Bitbucket cloud-based Git-based code hosting and collaboration service. However, they discovered multiple repositories that shared code structure, loader logic, and naming patterns.
Information security