» Annie Blog

Context On April 2, 2024, Trend Micro researchers reported new technical details of a “Unapimon” malware campaign attributed to Earth Freybug, which leverages “dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored.” According to Trend Micro, “UNAPIMON itself is straightforward: It is a DLL malware written in C++ and…

Executive Summary On March 29, 2024, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor, tracked as CVE-2024-3094, found in the latest XZ Utils data compression tools and libraries. Red Hat has warned all users to discontinue any usage of Fedora 41 of Fedora Rawhide for work or personnel use and has…

Executive Summary Security firm Phylum has discovered and reported an automated typosquatting attack campaign recently detected on March 26, 2024, which targeted popular Python libraries hosted on the Python Package Index (PyPI) page. Attackers deployed over 500 typosquatted variations of well-known libraries like TensorFlow, BeautifulSoup, requests, requirements, and others. These variations were designed to mimic legitimate package names but…

Executive Summary Researchers from Sekoia have released a report  detailing an October 2023 discovery and subsequent analysis of a new Adversary-in-The-Middle (AiTM) phishing kit linked to the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform, which had been active since at least August 2023. The latest version of Tycoon 2FA features enhanced stealth capabilities, potentially lowering detection rates by security products. Sekoia’s…

Executive Summary The Checkmarx Research team has reported a sophisticated campaign which is targeting software supply chains and resulting in successful exploitation of multiple GitHub users. Key targets included the Top.gg GitHub organization, which claims to have over 170,000 users, and individual developers on the code publishing platform. The attackers employed various novel tactics, including account takeover via…