Libraries

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools – Go Health Pro

by
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools – Go Health Pro

Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While … Read more

ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries – Go Health Pro

by
ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries – Go Health Pro

Nov 22, 2024Ravie LakshmananArtificial Intelligence / Malware Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” … Read more

x