Tag: infostealer malware
6 articles

GitHub Repos Impersonate Legit Software to Spread Infostealer Malware
Malicious actors have created 292 fake GitHub repositories that masquerade as legitimate software and security projects, tricking visitors into downloading infostealer malware. These impostor repositories impersonated popular security products, cryptocurrency services, and gaming software, with many still active despite efforts to take them down.

Jscrambler npm Package Infected with Infostealer Malware
A malicious version of the Jscrambler npm package was published, infecting nearly 1,500 downloads with infostealer malware within a two-hour window before being removed and replaced with a safe version. The incident was quickly contained, but users who downloaded the compromised package between releases 8.14 and 8.20 may be at risk.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware
Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

Hugging Face Repository Exploits Typosquatting to Spread Infostealer Malware
Security researchers have uncovered a cunning malware attack on Hugging Face, where a fake repository mimicked a popular AI project, racking up over 244,000 downloads and 667 likes in just 18 hours. The malicious repository used a classic typosquatting trick to deceive users searching for the genuine project.

Malicious Hugging Face repository targets Windows users with infostealer malware
Malicious actors on Hugging Face tricked Windows users into downloading infostealer malware by creating a fake repository that mimicked OpenAI's popular Privacy Filter release. The rogue repository briefly shot to the top of Hugging Face's trending list, racking up 244,000 downloads before being swiftly removed.

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach
Ukrainian authorities have cracked down on a group of hackers responsible for breaching over 610,000 Roblox accounts in a months-long phishing scam that harvested credentials and tokens. The stolen access was used to snag in-game items and Robux, Roblox's virtual currency.