Threat Research Round-Up Q3 2024
ฝัง
- เผยแพร่เมื่อ 3 ก.พ. 2025
- ReversingLabs Threat Research team digs deep into open source as well as proprietary and commercial software to identify new threats and attacks.
In our latest quarterly threat research round up, RL researchers dig into recent supply chain campaigns targeting platforms like NuGet and npm, and a scam targeting developers with phony job interviews that deliver malicious code packages.
Key research findings discussed include:
✓ A malicious NuGet campaign that saw malware authors using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code.
✓ A malicious package lurking on npm that mimicked a legitimate npm package with over a quarter of a million downloads designed to facilitate the uploading of files to Amazon’s AWS
✓ A VMConnect campaign in which malicious actors pose as recruiters, using packages and the names of financial firms to lure developers
AND MORE!
Listen in to learn more about these campaigns and get insights into ReversingLabs ongoing research into both commercial and open source software threats.
About RL
ReversingLabs is the trusted name in file and software security, to verify and deliver safe binaries. With the largest Threat Repository in the industry with over 40 billion searchable files, the Fortune 500 trusts their software supply chain security and malware analysis with ReversingLabs. Learn more: www.reversingl...
RL - Trust Delivered.
Be sure to subscribe to RL and follow us on social media →
/ reversinglabs
/ reversinglabs
/ reversinglabs
/ reversinglabs
