Habdul Hazeez @ziizium

Supply Chain Attack Steals 390K Credentials via npm and GitHub

A supply chain attack steals 390K credentials via npm and GitHub, phishing attacks abuse Google Calendar, a 'Fix It' social-engineering scheme impersonates brands, and Android malware disguises itself as a health app on the Amazon Appstore.

Introduction

A supply chain attack, phishing, social engineering, and malware. That's what we're talking about in this week's review. I welcome you all, and I hope that you're all fine.
Let's begin.


  
  
Yearlong supply-chain attack targeting security pros steals 390K credentials

How this attack evaded detection despite being on npm and GitHub is quite interesting. You'll agree with me after reading the article. It all started with innocent code that was later updated to contain malicious, obfuscated code.
For the GitHub part of this operation, the code hosted on the platform was innocent. Ho...