#reversinglabs

2025-12-17

NuGet malware targets crypto wallets, OAuth tokens

ReversingLabs discovered malicious packages on NuGet targeting the crypto ecosystem. The campaign, starting in July 2025, involved 14 packages impersonating legitimate crypto-related tools. The malware aimed to steal crypto funds by redirecting transactions or exfiltrating secrets for wallet access. Techniques used to appear trustworthy included homoglyphs, version bumping, and inflating download counts. The packages were divided into three groups: wallet stealers, crypto-funds stealers, and Google Ads OAuth stealers. This campaign highlights the ongoing exploitation of trust in the software supply chain, potentially affecting entire projects and communities relying on compromised dependencies.

Pulse ID: 69431f1d8da9595abdfc9c20
Pulse Link: otx.alienvault.com/pulse/69431
Pulse Author: AlienVault
Created: 2025-12-17 21:22:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Google #GoogleAds #InfoSec #Malware #NuGet #OTX #OpenThreatExchange #RAT #ReversingLabs #Rust #SupplyChain #bot #AlienVault

2025-12-03

Bootstrap script exposes PyPI to domain takeover attacks | ReversingLabs

Vulnerable code in legacy Python packages could be exposed to domain takeover attacks, according to researchers at ReversingLabs and Spectra Assure, a software supply chain security firm in London.

Pulse ID: 69304c963c1ec7b1d7a2df29
Pulse Link: otx.alienvault.com/pulse/69304
Pulse Author: CyberHunter_NL
Created: 2025-12-03 14:43:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #Python #ReversingLabs #SupplyChain #bot #CyberHunter_NL

2025-11-25

Build script exposes PyPI to domain takeover attacks

ReversingLabs researchers discovered vulnerable code in legacy Python packages that could enable an attack on the Python Package Index (PyPI) via a domain compromise. The vulnerability lies in bootstrap files for a build tool that installs the Python package 'distribute' and performs other tasks. When executed, the bootstrap script fetches and executes an installation script from python-distribute.org, a domain now available for sale. Affected packages include tornado, pypiserver, slapos.core, and others. The issue stems from the complex history of Python packaging tools and the failure to formally decommission the 'distribute' module. This vulnerability highlights the risks of relying on hard-coded domains and the importance of addressing code rot in open-source projects.

Pulse ID: 6924c9abb614eb03b6f6433d
Pulse Link: otx.alienvault.com/pulse/6924c
Pulse Author: AlienVault
Created: 2025-11-24 21:10:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #PyPI #Python #RCE #ReversingLabs #Vulnerability #bot #AlienVault
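As an added example (not code from the post or from ReversingLabs), a small audit that scans Python sources for URL literals pointing at the lapsed domain named above and flags files that both download and execute code, which is the combination that turns a domain takeover into code execution; the sample bootstrap text, its URL path and the function names are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Domain the report says is now for sale; extend with your own findings.
LAPSED_DOMAINS = {"python-distribute.org"}

URL_RE = re.compile(r"""https?://[^\s'"<>()]+""")
# Fetch-then-execute heuristic: a download call and a code-execution call in
# the same file. Either alone is common; both together is the risky pattern.
FETCH_RE = re.compile(r"\b(urlopen|urlretrieve|requests\.get)\s*\(")
EXEC_RE = re.compile(r"\b(exec|execfile|eval|os\.system|subprocess\.\w+)\s*\(")


def host_in_domain(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def scan_source(path: str, text: str):
    """Return (path, line, kind, detail) findings for one Python source file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if any(host_in_domain(host, d) for d in LAPSED_DOMAINS):
                findings.append((path, lineno, "lapsed-domain", url))
    if FETCH_RE.search(text) and EXEC_RE.search(text):
        findings.append((path, 0, "fetch-and-execute", "download + exec in same file"))
    return findings


def scan_tree(root: str):
    """Walk a source tree (e.g. an unpacked sdist) and scan every .py file."""
    findings = []
    for py in Path(root).rglob("*.py"):
        findings.extend(scan_source(str(py), py.read_text(errors="replace")))
    return findings


# Constructed stand-in for a legacy bootstrap script (not the real file).
SAMPLE_BOOTSTRAP = '''\
from urllib.request import urlopen
DEFAULT_URL = "http://python-distribute.org/bootstrap.py"  # constructed path

def download_and_run():
    exec(urlopen(DEFAULT_URL).read())
'''

if __name__ == "__main__":
    for finding in scan_source("bootstrap.py", SAMPLE_BOOTSTRAP):
        print(finding)
```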

Marco Ciappelli (@Marcociappelli@infosec.exchange)
2025-08-14

🎯 NOW PUBLISHING: On-Location Coverage from #BlackHat USA 2025!

We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!

We're thrilled to share this critical Brand Story conversation thanks to our friends at ReversingLabs 🙏

Your Business Apps Are Bringing Friends You Didn't Invite

Every commercial software application is a complex assembly of first-party, contracted, open source, and third-party code. But when #SolarWinds, #Kaseya, and #Ivanti happened, we learned that vendor questionnaires and contractual assurances offer little protection against supply chain compromises.

At #BlackHat2025, Saša Zdjelar, Chief Trust Officer at ReversingLabs, reveals how organizations can finally verify the integrity of #software from outside vendors—without relying on blind trust.

The game-changer: Comprehensive binary analysis that deconstructs any file into its components to:

• Detect malware, tampering, and embedded secrets

• Identify #vulnerabilities and insecure practices

• Uncover undocumented network connections

• Flag #compliance risks from restricted regions

This isn't just another policy checkbox—it's a true technical control that inspects the software itself, regardless of size or complexity.

Real-world applications:

• Procurement: Auto-scan all software before deployment

• Version Monitoring: Detect unexpected behavior changes between releases

• Critical Environments: Verify integrity before software enters OT, ICS, or financial systems

• Risk Management: Assess COTS software as part of ongoing vendor reviews

With regulations like EO 14028 and the EU's #CyberResilience Act demanding transparency, the ability to technically validate every application delivers both strategic protection and measurable benefits.

📺 Watch the video: youtu.be/pU9bHYFND7c

🎧 Listen to the podcast: brand-stories-podcast.simpleca

📖 Read the blog: itspmagazine.com/their-stories

➤ Learn more about ReversingLabs: itspm.ag/reversinglabs-v57b

✦ Catch more stories from #ReversingLabs: itspmagazine.com/directory/rev

🎪 Follow all of our #BHUSA 2025 coverage: itspmagazine.com/bhusa25

#Cybersecurity #SupplyChainSecurity #SoftwareIntegrity #BlackHatUSA #BHUSA25 #ThirdPartyRisk #SBOM #BinaryAnalysis #Compliance #ZeroTrust

Tech Cybersecurity Nieuws (@tech_cybersecurity_nieuws@mastodon.nl)
2025-02-07
Richi Jennings (@richi@vmst.io)
2023-08-15

#ChatGPT is wrong more than half the time—makes many conceptual errors, but sounds confident, authoritative.

So, hard to spot the errors, say researchers. In this week’s #SSBlogwatch we can’t say we’re totally surprised. For #ReversingLabs: reversinglabs.com/blog/ai-codi #AI #DevOps

Richi Jennings (@richi@vmst.io)
2023-08-08
Richi Jennings (@richi@vmst.io)
2023-07-25

Google employees are to be protected from themselves. In what’s being described as a pilot program, they’ll lose internet access at work and/or root privileges.

The idea is to stop break-ins by bad actors. In this week’s #SSBlogwatch we try not to imagine the horror. For #ReversingLabs: reversinglabs.com/blog/no-net-

2020-12-15

Sophos and ReversingLabs have released a database of 20 million samples for infosec researchers #SoReL-20M, #Sophos, #ReversingLabs securitylab.ru/news/514855.php twitter.com/SecurityLabnews/st

2020-04-20

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries - Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source c... more: threatpost.com/bitcoin-stealer #applicationbuildingblocks #rubyprogramminglanguage #open-sourcecomponents #maliciouslibraries #bitcoinstealers #coderepository #reversinglabs #rubygems #malware
