Blog | ReversingLabs | Threat Research (2)

June 5, 2024

Python downloader highlights noise problem in open source threat detection

RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.

April 11, 2024

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

There is no fool-proof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three key indicators.

April 3, 2024

Malicious helpers: VS Code Extensions observed stealing sensitive information

Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.

March 26, 2024

Suspicious NuGet package grabs data from industrial systems

Espionage has long been a driver for malicious cyber campaigns. Here's what the RL research team knows about the suspicious SqzrFramework480 campaign.

March 12, 2024

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

RL has discovered a campaign using malicious PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases used for crypto wallet recovery.

March 3, 2024

Level up your YARA game

Learn how to apply YARA rules for threat detection, searching, hunting and more.

February 20, 2024

Attackers leverage PyPI to sideload malicious DLLs

RL discovered two malicious PyPI packages and a larger subsequent campaign of packages — highlighting that DLL sideloading is an emerging method for software supply chain attacks.

January 23, 2024

GitGot: GitHub leveraged by cybercriminals to store stolen data

ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.

December 19, 2023

Malware leveraging public infrastructure like GitHub on the rise

RL researchers have uncovered two novel techniques running on GitHub — one abusing GitHub Gists, another issuing commands through git commit messages.

November 16, 2023

Protestware taps npm to call out wars in Ukraine, Gaza

ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

October 4, 2023

Typosquatting campaign delivers r77 rootkit via npm

One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Threat Research (2)

Python downloader highlights noise problem in open source threat detection

XZ Trojan highlights software supply chain risk posed by 'sock puppets'

Malicious helpers: VS Code Extensions observed stealing sensitive information

Suspicious NuGet package grabs data from industrial systems

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

Level up your YARA game

Attackers leverage PyPI to sideload malicious DLLs

GitGot: GitHub leveraged by cybercriminals to store stolen data

Malware leveraging public infrastructure like GitHub on the rise

Protestware taps npm to call out wars in Ukraine, Gaza

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

Typosquatting campaign delivers r77 rootkit via npm

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Threat Research (2)

Topics

Follow us

Subscribe

Special Reports