Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.
SecurityWeek

PyPI Warns Users of Fresh Phishing Campaign

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.
Crypto News

ZachXBT Links North Korean IT Workers to Over 25 Crypto Hacks and Team Extortion Schemes

ZachXBT documents North Korean IT workers infiltrating crypto companies in over 25 instances for hacks and extortion schemes.
The Register on MSN

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a ...
CSO Online

Evolved PXA Stealer wraps PureRAT in multi-layer obfuscation

The stealer campaign has evolved into a multi-stage delivery chain that ultimately deploys the modular, feature-rich PureRAT.

Python developers targeted with new password-stealing phishing attacks - here's how to stay safe

“If you have already clicked on the link and provided your credentials, we recommend changing your password on PyPI immediately,” Larson warned. “Inspect your account's Security History for anything ...
Infosecurity Magazine

Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors

The attackers used process hollowing against RegAsm.exe, patched Windows defenses such as AMSI and ETW and unpacked further ...