Python Package Index (PyPI) has recently observed several malicious packages hidden in its repository. PyPI hosts almost 600,000 projects written in the Python programming language. The original aiocpa package, self-described as a “synchronous & asynchronous Crypto Pay API Client”...
Threat actors actively seek methods to conceal their identities in information-stealing campaigns, aiming to lure individuals into downloading malicious software or revealing sensitive information. One recent campaign infects Windows devices with Lumma Stealer...
The NJCCIC email security system has uncovered a new campaign spreading XLoader and GuLoader malware. XLoader is a successor to Formbook infostealing malware and is categorized as malware-as-a-service (MaaS). XLoader has several capabilities...
The NJCCIC detected a campaign linked to TA544, also referred to as Bamboo Spider and Zeus Panda, which has reemerged after a period of inactivity since their last campaign. Similar to open-source reporting, this new campaign attempts to distribute the WarmCookie backdoor.
A sophisticated malware loader known as Bumblebee has resurfaced after a law enforcement operation in May 2024 significantly disrupted its infrastructure. This operation, dubbed Operation Endgame, also targeted other malware families, including IcedID, Pikabot, Smokeloader...
The threat actors, associated with the Democratic People’s Republic of Korea (DPRK), pose as prospective employers and target individuals seeking employment within the Information Technology sector through popular job search platforms such as LinkedIn and X.
The NJCCIC’s email security solution observed a recent surge in campaigns disseminating 404 Keylogger infostealing malware. Also known as SnakeKeylogger, is both a downloader and an information-stealing malware. This malware-as-a-service can steal credentials, etc.
TA2725 is a financially motivated cyber threat actor that typically targets Latin America (LATAM) and some European countries. The group has its tactics and is now delivering Mispadu and Astaroth malware in phishing campaigns targeting the Garden State Network (GSN).
The NJCCIC observed an uptick in campaigns aiming to spread Formbook infostealing malware. Formbook is classified as malware-as-a-service (MaaS), though it was originally advertised as browser-logger software. Formbook can extract data from HTML forms...
Industrial cybersecurity company Dragos released a report detailing a malware strain dubbed FrostyGoop that was used to target a municipal district energy company in Lviv, Ukraine earlier this year. The attack caused residents of approximately 600 apartment buildings to lose heat.
