Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...
TechRepublic

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers Your email has been sent Learn how the Meduza Stealer malware works, what it targets and how to protect your company ...
Dark Reading

'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines

Malicious Python packages masquerading as legitimate code obfuscation tools are targeting developers via the PyPI code repository. Focusing on those interested in code obfuscation is a savvy choice ...
techtimes

Malware Alert: Meduza Stealer Has a New Version and It’s All Over the Dark Web

Resecurity's HUNTER unit has uncovered a crucial discovery on Christmas Eve. It's not all about opening gifts, but instead seeing the latest version of the password stealer Meduza. According to ...
Ars Technica

Mac users served info-stealer malware through Google ads

Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely ...