Skip to main content

Tag: infostealer malware

6 articles

Cluttered home office workspace with laptop screen glowing in dim light.

GitHub Repos Impersonate Legit Software to Spread Infostealer Malware

Malicious actors have created 292 fake GitHub repositories that masquerade as legitimate software and security projects, tricking visitors into downloading infostealer malware. These impostor repositories impersonated popular security products, cryptocurrency services, and gaming software, with many still active despite efforts to take them down.

Analyst 207
Developer workspace with npm package management page, terminal window, and software items on a brightly lit desk.

Jscrambler npm Package Infected with Infostealer Malware

A malicious version of the Jscrambler npm package was published, infecting nearly 1,500 downloads with infostealer malware within a two-hour window before being removed and replaced with a safe version. The incident was quickly contained, but users who downloaded the compromised package between releases 8.14 and 8.20 may be at risk.

Analyst 207
Network device sits prominently in a server room with management console blurred in background.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

Analyst 207
Dimly lit laptop screen shows blurred software repository page with cursor over suspicious package.

Hugging Face Repository Exploits Typosquatting to Spread Infostealer Malware

Security researchers have uncovered a cunning malware attack on Hugging Face, where a fake repository mimicked a popular AI project, racking up over 244,000 downloads and 667 likes in just 18 hours. The malicious repository used a classic typosquatting trick to deceive users searching for the genuine project.

Analyst 207
Cluttered home office workstation with laptop displaying coding interface.

Malicious Hugging Face repository targets Windows users with infostealer malware

Malicious actors on Hugging Face tricked Windows users into downloading infostealer malware by creating a fake repository that mimicked OpenAI's popular Privacy Filter release. The rogue repository briefly shot to the top of Hugging Face's trending list, racking up 244,000 downloads before being swiftly removed.

Analyst 207
Cluttered home office setup with gaming console and laptop surrounded by papers and snack packaging.

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach

Ukrainian authorities have cracked down on a group of hackers responsible for breaching over 610,000 Roblox accounts in a months-long phishing scam that harvested credentials and tokens. The stolen access was used to snag in-game items and Robux, Roblox's virtual currency.

Analyst 207