On 1 May 2024, SentinalOne researchers reported the technical details of an adware campaign leveraging Adload evading Apple XProtect defensive measures to target macOS users. Context and Technical Details In late April 2024, Apple released more than 80 new rules for the XProtect malware signature list. SentinalOne researchers identified a malware campaign mere days later…
Read More
Executive Summary Threat actors are taking advantage of GitHub’s search functionalities to deceive users looking for popular repositories into downloading malicious counterparts that serve malware, according to a new report from Checkmarx. Attackers are utilizing techniques like automated updates and fake stars to boost search rankings and deceive users. Community Threat Assessment The use of malicious GitHub repositories to distribute…
Read More
Context On April 2, 2024, Trend Micro researchers reported new technical details of a “Unapimon” malware campaign attributed to Earth Freybug, which leverages “dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored.” According to Trend Micro, “UNAPIMON itself is straightforward: It is a DLL malware written in C++ and…
Read More
Executive Summary On March 29, 2024, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor, tracked as CVE-2024-3094, found in the latest XZ Utils data compression tools and libraries. Red Hat has warned all users to discontinue any usage of Fedora 41 of Fedora Rawhide for work or personnel use and has…
Read More
Executive Summary Security firm Phylum has discovered and reported an automated typosquatting attack campaign recently detected on March 26, 2024, which targeted popular Python libraries hosted on the Python Package Index (PyPI) page. Attackers deployed over 500 typosquatted variations of well-known libraries like TensorFlow, BeautifulSoup, requests, requirements, and others. These variations were designed to mimic legitimate package names but…
Read More
