Malware

Malicious actors have breached the official WordPress site for open-source decompiler ILSpy to compromise developers with malware as part of a new supply chain attack, Cyber Security News reports.

The attack chain begins with a user receiving an email containing a URL that downloads an encoded .cmd file.

Thirty-six malicious npm packages masquerading as Strapi CMS plugins have been spreading multiple payloads enabling Redis and PostgreSQL abuse, reverse shell injections, credential harvesting, and persistent implant deployment, according to The Hacker News.

The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms, primarily targeting cryptocurrency users in Asia.

The ChatGPT Ad Blocker extension employed a DOM cloning technique to copy and filter conversations, focusing on text longer than 150 characters.

Infosecurity Magazine reports that Windows users across South Korea have been subjected to attacks involving illicit LNK files that trigger multi-stage compromise.

Threat operation REF1695 has been harnessing counterfeit installers to facilitate multiple attack campaigns delivering remote access trojans and cryptocurrency mining malware since November 2023, reports The Hacker News.