by Paul McCarty | Dec 28, 2024 | Uncategorized
SourceCodeRED identified two malicious packages deployed on NPM today (December 27th, 2024) These packages were deployed by an NPM user named shulkwisec. The two packages are “baby-electron” and “baby-electrona”. What does the malware...
by Paul McCarty | Dec 18, 2024 | Uncategorized
A new malware payload is being delivered via NPM packages. The NPM user named hi_ops published seven packages that are deploying a new MacOS malware. How is the malware delivered? The delivery mechanism is pretty simple. The NPM package has only one file:...
by Paul McCarty | Dec 6, 2024 | Uncategorized
The Ultralytics PyPi package was compromised today via a sneaky attack leveraging GitHub pull requests. Two consecutive package versions of the Ultralytics PyPi package were compromised and installed crypto miners on the affected hosts. Versions 8.3.41 and 8.3.42 are...
