Tag: software supply chain

7 Attack Reports | 0 Vulnerabilities

Attack reports

Loophole allows threat actors to claim VS Code extension names

A loophole in VS Code Marketplace allows malicious actors to reuse names of removed extensions. ReversingLabs discovered this vulnerability after finding a malicious extension with the same name as one previously identified. The platform's documentation states that extension names must be unique, b…
vulnerability
open-source
cybersecurity
extension
vs code
software supply chain
2025-08-29
loophole
package names
Published: August 29, 2025
Downloadable IOCs: 0

Threat actor Banana Squad exploits GitHub repos in new campaign

ReversingLabs researchers have uncovered a new campaign by the threat actor Banana Squad, involving over 60 GitHub repositories containing hundreds of trojanized Python files. The attackers create fake user accounts to host malicious repositories that mimic legitimate ones, using a technique that h…
backdoor
python
open-source
github
stealth techniques
supply chain attack
software supply chain
open-source security
code obfuscation
2025-06-19
2025-06-20
trojanized repositories
Published: June 20, 2025
Downloadable IOCs: 275

Atomic and Exodus crypto wallets targeted in malicious npm campaign

A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wa…
cryptocurrency
persistence
npm
atomic
software supply chain
exodus
patching
2025-04-10
wallet
2025-04-14
trojanized code
atomic wallet
Published: April 14, 2025
Downloadable IOCs: 1

Operation Phantom Circuit: North Korea's Global Data Exfiltration Campaign

In December 2024, the Lazarus Group, a North Korean threat actor, launched a sophisticated global campaign targeting cryptocurrency and technology developers. The operation, code-named 'Phantom Circuit,' involved embedding malware into trusted development tools, compromising hundreds of victims wor…
north korea
cryptocurrency
data exfiltration
software supply chain
command-and-control
2025-01-30
phantom circuit
Published: January 30, 2025
Downloadable IOCs: 13

A new playground: Malicious campaigns proliferate from VSCode to npm

This intelligence details the emergence of malicious campaigns spreading from VSCode to npm. Researchers observed an increasing amount of malicious activity in VSCode Marketplace, with threat actors using npm packages to inject malicious code into VSCode IDE. The campaign initially targeted the cry…
obfuscation
npm
downloader
crypto
software supply chain
2024-12-19
zoom
malicious extensions
vscode
Published: December 19, 2024
Downloadable IOCs: 2

Malicious PyPI crypto pay package aiocpa implants infostealer code

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with m…
obfuscation
infostealer
cryptocurrency
pypi
machine learning
software supply chain
2024-11-29
threat hunting
Published: November 29, 2024
Downloadable IOCs: 0

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api, containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagi…
infostealer
cryptocurrency
npm
dprk
beavertail
contagious interview
2024-10-25
invisibleferret
software supply chain
namesquatting
Published: October 25, 2024
Downloadable IOCs: 1
Click here to see more Attack Reports