Enlarge (credit: Getty Images) A backdoor that researchers found hiding inside open source code targeting four German companies was the work of a professional penetration tester. The tester was checking clients’ resilience against a new class of attacks that exploits public repositories used by millions of software projects worldwide. But it could have been bad. […]
Tag: repositories
Malicious packages sneaked into NPM repository stole Discord tokens
Enlarge (credit: Getty Images) Researchers have found another 17 malicious packages in an open source repository, as the use of such repositories to spread malware continues to flourish. This time, the malicious code was found in NPM, where 11 million developers trade more than 1 million packages among each other. Many of the 17 malicious […]
Malware downloaded from PyPI 41, 000 times was surprisingly stealthy
Enlarge (credit: Getty Images ) PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41, 000 times, in one of the latest reported such incidents threatening the software supply chain. JFrog, a security firm that monitors PyPI and other repositories […]
Supply-chain attack that fooled Apple and Microsoft is attracting copycats
Enlarge (credit: Getty Images) Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far. The technique […]