27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads.
The Hacker News | #1 Trusted Cybersecurity News Site
Hackers Attack macOS Using Infostealer To Steal Sensitive Data
Over the past year, macOS users, particularly those in the cryptocurrency sector, have been increasingly targeted by infostealers. These malicious programs aim to harvest credentials and data from crypto wallets.
Jamf Threat Labs has been monitoring the evolution of these threats and has identified two recent attacks that successfully deployed infostealers on victims' macOS systems.
Attack 1: Atomic Stealer via Sponsored Ads
The first attack involves a fake sponsored ad for “Arc Browser” that leads to a malicious website, which can only be accessed through the ad link.
This site distributes a variant of the Atomic Stealer malware, which uses XOR encoding to evade detection and employs AppleScript to steal information.
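The XOR encoding mentioned above is a cheap way to keep strings such as the AppleScript prompt out of a static scanner's view. As an added example (not code from the article or from Jamf's analysis), the following Python recovers single-byte-XOR'd strings by trying every key and scoring each candidate on printability plus a few keywords a macOS stealer would need. The encoded blob, the key 0x5A, the keyword list and the prompt wording are constructed for this example, not taken from the sample.

```python
# Keywords a macOS stealer's strings are likely to contain; a decoded candidate
# that shows any of them is scored up. Analyst-chosen, not taken from the sample.
KEYWORDS = (b"osascript", b"display dialog", b"hidden answer", b"password", b"Keychain")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (self-inverse, so it also decodes)."""
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def score(candidate: bytes) -> float:
    """Printability (0..1) plus one point per keyword hit."""
    return printable_ratio(candidate) + sum(1.0 for k in KEYWORDS if k in candidate)


def recover_single_byte_xor(blob: bytes) -> tuple[int, bytes]:
    """Try all 256 keys and return (key, decoded) for the best-scoring one."""
    best_key, best_score = 0, -1.0
    for key in range(256):
        s = score(xor_bytes(blob, key))
        if s > best_score:
            best_key, best_score = key, s
    return best_key, xor_bytes(blob, best_key)


# Constructed sample: a plausible stealer string (wording invented for this
# example) encoded with an arbitrary key, standing in for bytes carved from a binary.
PLAINTEXT = (b"osascript -e 'display dialog \"macOS needs your password to continue.\" "
             b"default answer \"\" with hidden answer'")
CONSTRUCTED_KEY = 0x5A
ENCODED_SAMPLE = xor_bytes(PLAINTEXT, CONSTRUCTED_KEY)

if __name__ == "__main__":
    key, decoded = recover_single_byte_xor(ENCODED_SAMPLE)
    print(f"key=0x{key:02x} decoded={decoded!r}")
```

The scoring is deliberately simple. A real sample may use a multi-byte key, in which case the key length has to be guessed first (for instance from the Hamming distance between candidate-sized blocks) and this per-byte search run once per key position.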
As with the Meethub stealer described in the second attack, this Atomic Stealer variant prompts the user for their macOS login password through an AppleScript dialog.
Google ad services link:
hXXps://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiC8Jm6-ZSFAxUIwUwCHXbYB3MYABAAGgJ0bQ&ase=2&gclid=EAIaIQobChMIgvCZuvmUhQMVCMFMAh122AdzEAAYASAAEgKHuvD_BwE&ei=0lQEZp-wCbWqptQP-Kq0mA8&ohost=www.google.com&cid=CAASJORoo4VHmMOQTyTY97tSpGDZA1DEcypIUn9R0xOdHJi1x9N3KQ&sig=AOD64_2IOygLFSykCaouP6GmJOVlWRg3AA&q&sqi=2&nis=4&adurl&ved=2ahUKEwif4Y66-ZSFAxU1lYkEHXgVDfMQ0Qx6BAgJEAE
The malware prompts users for their macOS password to access keychain data and sends the stolen information to the attacker’s server.
Attack 2: Meethub Application
The second attack uses a fake Meethub application, which poses as a virtual meeting platform. The attackers, who have a significant online presence, lure victims through direct messages on social media, discussing topics like podcast recordings or job opportunities.
The unsigned Meethub application, once downloaded, prompts users for their macOS password and uses various tools to extract sensitive data, including:
collecting usernames and passwords from browser login data
pulling stored credit card details
stealing data from a list of installed crypto wallets, including Ledger and Trezor
The stolen data is then sent to the attacker’s server.
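Both attacks share two observable behaviours: a fake system dialog asking for the macOS login password, and an unsigned process reading credential stores (the login keychain, browser login data, wallet directories). As an added example that is not part of the article or Jamf's report, the Python below expresses those two behaviours as triage rules over process-execution events. The event format, field names, the invented prompt wording and the two wallet directory names are assumptions for this example; the keychain and Chrome "Login Data" paths are the standard ones.

```python
import json
import re

# AppleScript's `display dialog ... default answer "" with hidden answer` renders a
# masked text field; run through osascript it produces the fake system prompt both
# stealers use to ask for the macOS login password.
HIDDEN_ANSWER_PROMPT = re.compile(r"display dialog\b.*\bwith hidden answer", re.I | re.S)

# File locations an unsigned process has no business reading. The login keychain
# and the Chrome "Login Data" store are standard macOS/Chrome paths; the two
# wallet directories are assumed illustrative names, not taken from the report.
SENSITIVE_PATH_MARKERS = (
    "/Library/Keychains/login.keychain-db",
    "/Google/Chrome/Default/Login Data",
    "/Application Support/Ledger Live",   # assumption: example wallet data dir
    "/Application Support/Trezor Suite",  # assumption: example wallet data dir
)


def classify_event(event: dict) -> list[str]:
    """Return the rule names an event trips (empty list if none)."""
    findings = []
    exe = event.get("exe", "")
    if exe.endswith("/osascript") and HIDDEN_ANSWER_PROMPT.search(event.get("cmdline", "")):
        findings.append("hidden_answer_password_prompt")
    path = event.get("file_read", "")
    if event.get("signer") == "unsigned" and any(m in path for m in SENSITIVE_PATH_MARKERS):
        findings.append("unsigned_process_reads_credentials")
    return findings


def triage(jsonl: str) -> list[tuple[int, list[str]]]:
    """Run classify_event over newline-delimited JSON process events."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        findings = classify_event(event)
        if findings:
            hits.append((event["pid"], findings))
    return hits


# Constructed events (field names are a generic EDR-style export assumed for this
# example; the prompt wording is invented, not quoted from the sample).
SAMPLE_EVENTS = """\
{"pid": 501, "exe": "/usr/bin/osascript", "signer": "Apple", "cmdline": "osascript -e 'display dialog \\"macOS needs your password to continue.\\" default answer \\"\\" with hidden answer'", "file_read": ""}
{"pid": 502, "exe": "/Applications/Meethub.app/Contents/MacOS/Meethub", "signer": "unsigned", "cmdline": "Meethub", "file_read": "/Users/alice/Library/Keychains/login.keychain-db"}
{"pid": 503, "exe": "/Applications/Meethub.app/Contents/MacOS/Meethub", "signer": "unsigned", "cmdline": "Meethub", "file_read": "/Users/alice/Library/Application Support/Google/Chrome/Default/Login Data"}
{"pid": 504, "exe": "/usr/bin/osascript", "signer": "Apple", "cmdline": "osascript -e 'display notification \\"Build finished\\"'", "file_read": ""}
{"pid": 505, "exe": "/Applications/Safari.app/Contents/MacOS/Safari", "signer": "Apple", "cmdline": "Safari", "file_read": "/Users/alice/Library/Keychains/login.keychain-db"}
"""

if __name__ == "__main__":
    for pid, findings in triage(SAMPLE_EVENTS):
        print(pid, ", ".join(findings))
```

osascript itself is Apple-signed, so the first rule only says that a password-looking dialog was shown; in real telemetry the parent process (the unsigned app bundle) is what ties the prompt to the stealer. On the endpoint, `codesign -dv --verbose=4 /Applications/Meethub.app` or `spctl --assess --type execute /Applications/Meethub.app` confirms the missing signature the report describes.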
According to the report, these attacks highlight the growing trend of targeting macOS users in the cryptocurrency industry.
Attackers use sophisticated social engineering techniques to build rapport and gain trust before deploying their infostealers.
Users must remain vigilant and cautious of unsolicited communications, especially cryptocurrency-related ones. They should always verify the legitimacy of applications and be wary of providing sensitive information or credentials.
Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.
"Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability
Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms
In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month.