#malicious-software

[ follow ]
#cybersecurity #phishing #data-theft #vs-code-extensions #data-exfiltration #analytics-sdk-fingerprinting
fromThe Hacker News
4 days ago

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Koi Security said the extensions are functional and work as expected, but they also capture every file being opened and every source code modification to servers located in China without users' knowledge or consent. The campaign has been codenamed MaliciousCorgi. "Both contain identical malicious code -- the same spyware infrastructure running under different publisher names," security researcher Tuval Admoni said.
Information security
#cybersecurity
Privacy technologies
fromThe Hacker News
8 months ago

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

Malicious Chrome extensions disguise as useful tools, siphoning user data and executing harmful actions.
Threat actor uses impersonation tactics to lure victims into installing malware on Chrome.
Privacy technologies
fromThe Hacker News
8 months ago

100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

Malicious Chrome extensions disguise as useful tools, siphoning user data and executing harmful actions.
Threat actor uses impersonation tactics to lure victims into installing malware on Chrome.
more#cybersecurity
fromForbes
8 months ago

Delete Any Apps On Your Phone That Are On This List

The attackers' payday comes via those advertisers who have no idea their ads are being pushed out at an industrial scale to infected phones.
Games
Software development
fromInfoQ
9 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
[ Load more ]