Topic: developer targeting
-
19 Malicious Visual Studio Code Extensions Uncovered
A malicious campaign used 19 Visual Studio Code extensions to hide malware, often by embedding a tampered npm package or disguising a binary archive as a PNG image to evade detection. The attacks targeted developers by mimicking trusted tools, with some extensions executing a Trojan upon launch a...
-
Malicious npm Packages Target Ethereum Smart Contracts
A new wave of malicious npm packages uses Ethereum smart contracts to hide command-and-control infrastructure, making detection more difficult. Attackers also created fake GitHub repositories with artificially inflated metrics to appear legitimate and target cryptocurrency developers. This campai...
-
Malicious Rust Packages Target Web3 Developers
Malicious packages uploaded to the Rust registry (crates.io) impersonated legitimate developer tools, stealing cryptocurrency by executing a stealthy, multi-stage attack after being downloaded thousands of times. The malware specifically checked for and evaded a leading Chinese antivirus program,...
-
Nintendo Issues DMCA Takedowns for All Major Switch Emulators
Nintendo has launched a major DMCA takedown campaign against key Switch emulators like Citron and Skyline, targeting both active and dormant projects on GitHub to eliminate them as piracy conduits. In response, some emulator developers are moving their code to private servers, making complete era...
-
Dangerous VSCode Extensions Steal Crypto on OpenVSX
Malicious extensions in the VSCode ecosystem, such as C++ Playground and HTTP Format, have been downloaded thousands of times and are designed to steal cryptocurrency or create backdoors, with the threat actor TigerJack repeatedly uploading them under new names to evade detection. These extension...
-
Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...