Intrusions exploiting nefarious npm packages and the BeaverTail malware have been launched by North Korean threat actors as part of their persistent targeting of software developers, according to The Hacker News.
Eleven utility- and debugger-spoofing npm packages, which amassed over 5,600 downloads before their removal, have been leveraged by Lazarus Group-linked hackers to facilitate the deployment of a remote access trojan loader as part of the ongoing Contagious Interview campaign, a report from Socket Security revealed. While the specifics of the second-stage malware remain uncertain, the loader's code revealed remote JavaScript retrieval and execution capabilities, enabling the attackers to distribute any malware of their choice, with Socket Security researchers observing the repurposing of BeaverTail and InvisibleFerret in the attacks. Meanwhile, another analysis from the AhnLab Security Intelligence Center on BeaverTail malware attacks against South Korean developers showed the payload being used to spread the novel Tropidoor backdoor for Windows, with one of the adopted commands previously seen in the LightlessCan malware of the Lazarus Group.
Cybernews reports that Caritas Internationalis, the Catholic Church's official charity organization, had at least 17 websites of its Spanish arm compromised as part of a web skimmer campaign that commenced in February 2024.
Israel subjected to persistent targeting by Iranian hackers
The Hacker News reports that Iran-linked threat operations continued launching malware attacks against Israel last year.
Security researchers have detailed the evolving tactics of the Russian-affiliated threat group Gamaredon, particularly its use of the PteroLNK variant within the Pterodo malware family, GBHackers reports.