Malicious

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data – Go Health Pro

by
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data – Go Health Pro

Apr 05, 2025Ravie LakshmananMalware / Supply Chain Attack Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package … Read more

Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages – Go Health Pro

by
Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages – Go Health Pro

Mar 20, 2025Ravie LakshmananCybercrime / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the … Read more

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – Go Health Pro

by
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – Go Health Pro

Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it … Read more

Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes – Go Health Pro

by
Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes – Go Health Pro

Feb 19, 2025Ravie LakshmananMobile Security / Cyber Espionage Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. “The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ … Read more

New USPS text scam uses unique method to hide malicious PDF links – Go Health Pro

by
New USPS text scam uses unique method to hide malicious PDF links – Go Health Pro

A new phishing scam targeting mobile devices was observed using a “never-before-seen” obfuscation method to hide links to spoofed United States Postal Service (USPS) pages inside PDF files, Zimperium reported Monday. The method manipulates elements of the Portable Document Format (PDF) to make clickable URLs appear invisible to both the user and mobile security systems, … Read more