Jake in the desert<p>As 'AI' coding 'assistants' invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware <a href="https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/12/ai_</span><span class="invisible">code_suggestions_sabotage_supply_chain</span></a></p><p><a href="https://c.im/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a> <a href="https://c.im/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://c.im/tags/AIBullshit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIBullshit</span></a> <a href="https://c.im/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Fediverse instance for people interested in cooperative and collective projects. If you are interested in joining our community, please apply at https://join.social.coop/registration-form.html.
Administered by:
Server stats:
488active users
social.coop: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#malware
47 posts · 35 participants · 0 posts today
The New Oil<p>New <a href="https://mastodon.thenewoil.org/tags/ResolverRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResolverRAT</span></a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> targets <a href="https://mastodon.thenewoil.org/tags/pharma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pharma</span></a> and <a href="https://mastodon.thenewoil.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a> orgs worldwide</p><p><a href="https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
beardedtechguy@infosec:~$<p>ResolverRAT is distributed through phishing emails claiming to be legal or copyright violations tailored to languages that match the target's country.</p><p>New ResolverRAT malware targets pharma and healthcare orgs worldwide <a href="https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/</span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a></p>
Schneier on Security RSS<p>Slopsquatting</p><p>As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names&... <a href="https://www.schneier.com/blog/archives/2025/04/slopsquatting.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/04/slopsquatting.html</span></a></p><p> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://burn.capital/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> <a href="https://burn.capital/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a></p>
StanceOfMind<p>Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool</p><p><a href="https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/04/chin</span><span class="invisible">ese-hackers-target-linux-systems.html</span></a> <a href="https://tech.lgbt/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://tech.lgbt/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://tech.lgbt/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://tech.lgbt/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://tech.lgbt/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>China</span></a> <a href="https://tech.lgbt/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a> <a href="https://tech.lgbt/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a></p>
Quad9DNS<p>We’re seeing an increasing volume of blocked queries to the SocGholish-related domain - blackshelter[.]org in the last several days. </p><p><a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> <a href="https://mastodon.social/tags/SocGholish" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocGholish</span></a> <a href="https://mastodon.social/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
AAKL<p>Palo Alto, from yesterday: Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware <a href="https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">unit42.paloaltonetworks.com/sl</span><span class="invisible">ow-pisces-new-custom-malware/</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a></p>
not Evander Sinque<p>Es gibt nichts zu sehen, bitte gehen Sie weiter. <a href="https://mastodon.social/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoft</span></a> <a href="https://mastodon.social/tags/keylogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keylogger</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
alecm<p><strong>The Pall Mall Pact and why it matters | Malwarebytes | …I don’t entirely agree that this is a good thing</strong></p><p>Speaking as an <a href="https://en.wikipedia.org/wiki/Crack_(password_software)" rel="nofollow noopener noreferrer" target="_blank">author of “hacking tools” which have inspired the “hacking tools” of today</a> — tools used by the kinds of people who *found* companies like Malwarebytes — I find perspectives such as this to be problematic, hypocritical, and lacking in dual-use perspective:</p><blockquote><p>Commercial hacking tools have enabled intrusive surveillance practices that undermine fundamental freedom and human rights.</p></blockquote> <p>With a starting position like this, I worry about where we may end up for software freedom. The ITAR encryption regime and the Wassenaar “export control of malware” debacle need not be repeated.</p><p><a href="https://www.malwarebytes.com/blog/news/2025/04/the-pall-mall-pact-and-why-it-matters" rel="nofollow noopener noreferrer" target="_blank">https://www.malwarebytes.com/blog/news/2025/04/the-pall-mall-pact-and-why-it-matters</a></p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://alecmuffett.com/article/tag/hacking-tools" target="_blank">#hackingTools</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://alecmuffett.com/article/tag/malware" target="_blank">#malware</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://alecmuffett.com/article/tag/pall-mall-pact" target="_blank">#pallMallPact</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://alecmuffett.com/article/tag/pall-mall-process" target="_blank">#pallMallProcess</a></p>
Andrew 🌻 Brandt 🐇<p>Last week I posted a thread about a <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> campaign delivering a <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ConnectWise</span></a> client as its payload. As of this morning, the threat actors have changed the payload (<a href="https://www.virustotal.com/gui/file/30e1d059262b851a2b432ec856aeba5bb639ba764aa85643703163d62000a2f4" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/file/30e1d0</span><span class="invisible">59262b851a2b432ec856aeba5bb639ba764aa85643703163d62000a2f4</span></a>) and it appears to try to connect to the address "relay.noscreener[.]info" which resolves to 104.194.145.66.</p><p>Embedded in the installer .msi file is a file called system.config, which contains this domain name and a base64-encoded string.</p><p>The fake Social Security website is still being hosted on a compromised site that belongs to a temp agency based on the east coast of the US.</p><p>Previous thread:</p><p><a href="https://infosec.exchange/@threatresearch/114315246724920453" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@threatresear</span><span class="invisible">ch/114315246724920453</span></a></p><p><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malspam</span></a></p>
Pyrzout :vm:<p>New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms – Source: securityaffairs.com <a href="https://ciso2ciso.com/new-malware-resolverrat-targets-healthcare-pharmaceutical-firms-source-securityaffairs-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/new-malware-reso</span><span class="invisible">lverrat-targets-healthcare-pharmaceutical-firms-source-securityaffairs-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/informationsecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecuritynews</span></a> <a href="https://social.skynetcloud.site/tags/ITInformationSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITInformationSecurity</span></a> <a href="https://social.skynetcloud.site/tags/SecurityAffairscom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityAffairscom</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/PierluigiPaganini" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PierluigiPaganini</span></a> <a href="https://social.skynetcloud.site/tags/SecurityAffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityAffairs</span></a> <a href="https://social.skynetcloud.site/tags/SecurityAffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityAffairs</span></a> <a href="https://social.skynetcloud.site/tags/BreakingNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BreakingNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/hackingnews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hackingnews</span></a> <a href="https://social.skynetcloud.site/tags/ResolverRat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResolverRat</span></a> <a href="https://social.skynetcloud.site/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.skynetcloud.site/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a></p>
Xavier Ashe :donor:<p><a href="https://infosec.exchange/tags/VXUnderground" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VXUnderground</span></a> has posted a "best of" page with their favorite papers. I think some of these should be required reading for red teamers, malware researchers, or vulnerability researchers. Thoughts?<br><a href="https://vx-underground.org/Best%20Of" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vx-underground.org/Best%20Of</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/malware_research" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware_research</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a></p>
Colin Purrington<p>Would anyone be willing to give me some Wordpress advice? A guy *claiming* to be from Bluehost just called and said my hosted site has malware, then offered me $360/yr protection plan. Refused to say anything about where malware was located or how to fix. Jerk. Bluehost is too expensive already and I'm toying with just pulling the plug on my site altogether (it's not very popular), or maybe porting it over to the $4/month (?) version at wordpress.com. I'd be grateful for any tips on removing malware, finding cheaper host, and whether terminating a blog makes sense. <a href="https://flipping.rocks/tags/wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wordpress</span></a> <a href="https://flipping.rocks/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://flipping.rocks/tags/hosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hosting</span></a> <a href="https://flipping.rocks/tags/blog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blog</span></a></p>
Hackread.com<p>🚨 Spyware added during manufacturing: Cheap Android phones come preloaded with malware stealing crypto via fake <a href="https://mstdn.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatsApp</span></a> and other apps.</p><p>Read: <a href="https://hackread.com/pre-installed-malware-cheap-android-phones-crypto-fake-whatsapp/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/pre-installed-mal</span><span class="invisible">ware-cheap-android-phones-crypto-fake-whatsapp/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://mstdn.social/tags/Crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Crypto</span></a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a></p>
securityaffairs<p>New <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> ‘<a href="https://infosec.exchange/tags/ResolverRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResolverRAT</span></a>’ targets <a href="https://infosec.exchange/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a>, pharmaceutical firms<br><a href="https://securityaffairs.com/176537/malware/new-malware-resolverrat-targets-healthcare-pharmaceutical-firms.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/176537/mal</span><span class="invisible">ware/new-malware-resolverrat-targets-healthcare-pharmaceutical-firms.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
LavX News<p>Microsoft's 0x80070643 Error: A Deep Dive into Windows Recovery Environment Challenges</p><p>Microsoft has confirmed that the 0x80070643 error encountered by Windows users during the April 2025 WinRE update is misleading and does not affect system functionality. This article explores the impl...</p><p><a href="https://news.lavx.hu/article/microsoft-s-0x80070643-error-a-deep-dive-into-windows-recovery-environment-challenges" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/microsoft</span><span class="invisible">-s-0x80070643-error-a-deep-dive-into-windows-recovery-environment-challenges</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.cloud/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://mastodon.cloud/tags/WindowsUpdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsUpdate</span></a></p>
AAKL<p>Morphisec: New Malware Variant Identified: ResolverRAT Enters the Maze <a href="https://www.morphisec.com/blog/new-malware-variant-identified-resolverrat-enters-the-maze/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">morphisec.com/blog/new-malware</span><span class="invisible">-variant-identified-resolverrat-enters-the-maze/</span></a> <span class="h-card" translate="no"><a href="https://bird.makeup/users/morphisec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>morphisec</span></a></span> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
OTX Bot<p>Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware</p><p>Slow Pisces, a North Korean state-sponsored threat group, has launched a campaign targeting cryptocurrency developers using LinkedIn recruitment schemes and malicious coding challenges. The group impersonates recruiters, sending benign PDFs with job descriptions followed by coding tasks linked to compromised GitHub repositories. These repositories contain malware disguised as legitimate projects, using techniques like YAML deserialization and EJS rendering to execute malicious code. The campaign introduces new malware named RN Loader and RN Stealer, which gather victim information and potentially establish persistent access. This sophisticated approach has reportedly led to over $1 billion in cryptocurrency theft in 2023 alone.</p><p>Pulse ID: 67fce4dbd05e59dcedb21adc<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67fce4dbd05e59dcedb21adc" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67fce</span><span class="invisible">4dbd05e59dcedb21adc</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-14 10:35:07</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/LinkedIn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinkedIn</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PDF</span></a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>developers</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
rexi<p><a href="https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/AMP/2025/04/12</span><span class="invisible">/ai_code_suggestions_sabotage_supply_chain/</span></a></p><p>create a malicious software package under a hallucinated package name and then upload the bad package…when an <a href="https://mastodon.social/tags/AIcodeassistant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AIcodeassistant</span></a> re-hallucinates the co-opted name, the process of installing dependencies and executing the code will run the <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a>…</p><p>…a form of typosquatting, where variations or misspellings of common terms are used to dupe people. Seth Michael Larson, <a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> Software Foundation, has dubbed it <a href="https://mastodon.social/tags/slopsquatting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>slopsquatting</span></a> – "slop" being a common pejorative for AI output</p>
kalvn<p>L'IA invente parfois des noms de packages qui n'existent pas et essayent de les télécharger (vibe coding, tout ça). Alors des gens ont créé ces packages sous forme de malware. Évidemment.</p><p>🔗 <a href="https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/AMP/2025/04/12</span><span class="invisible">/ai_code_suggestions_sabotage_supply_chain/</span></a></p><p><a href="https://mastodon.xyz/tags/intelligenceartificielle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intelligenceartificielle</span></a> <a href="https://mastodon.xyz/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.xyz/tags/package" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>package</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload