#typosquatting

[ follow ]
#supply-chain #npm #online-scams #consumer-fraud #cybersecurity #e-commerce-safety #npm-supply-chain-attack
Media industry
fromwww.independent.co.uk
1 week ago

Warning issued to shoppers over fake Tesco and Amazon sites made by scammers

Over 28,000 scam websites impersonating major retailers like Tesco and Amazon were discovered in January, with typosquatting being a primary method to deceive online shoppers into revealing personal information.
Information security
fromThe Hacker News
2 weeks ago

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean threat actors deployed 26 malicious npm packages using steganography to hide command-and-control infrastructure in Pastebin essays, targeting developers with credential stealers and remote access trojans.
Information security
fromThe Hacker News
2 weeks ago

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

A malicious NuGet package named StripeApi.Net impersonated Stripe's legitimate library to steal financial sector developers' API tokens and sensitive data.
Information security
fromTheregister
3 months ago

Scattered Lapsus$ Hunters stress testing Zendesk weak spots

Scattered Lapsus$ Hunters–style attackers are impersonating Zendesk portals using typosquatted domains and weaponized helpdesk tickets to steal credentials and deploy RATs.
Information security
fromIT Pro
3 months ago

The Scattered Lapsus$ Hunters group is targeting Zendesk customers - here's what you need to know

Scattered Lapsus$ Hunters is running a Zendesk-targeted phishing campaign using typosquatted domains, fake SSO portals, and fraudulent tickets to steal credentials and deliver malware.
#supply-chain
more#supply-chain
Information security
fromThe Hacker News
4 months ago

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Ten malicious npm packages deliver a multi-stage information stealer using obfuscation, fake CAPTCHA, IP fingerprinting, and a 24MB PyInstaller payload targeting Windows, Linux, and macOS.
Information security
fromIT Pro
4 months ago

Hackers are using these malicious npm packages to target developers on Windows, macOS, and Linux systems - here's how to stay safe

Typosquatted npm packages delivered a PyInstaller 24MB infostealer across Windows, macOS, and Linux using multi-layer obfuscation, fake CAPTCHA, and IP fingerprinting.
Information security
fromThe Hacker News
5 months ago

Malicious Rust Crates Steal Solana and Ethereum Keys - 8,424 Downloads Confirmed

Two malicious Rust crates impersonated fast_log to scan source code and exfiltrate Solana and Ethereum private keys to a hardcoded C2 endpoint.
[ Load more ]