Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...
Bleeping Computer

Devs targeted by W4SP Stealer malware in malicious PyPi packages

Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers. PyPI is a software ...
Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Forbes

Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How

Update, Sept. 17, 2024: This story, originally published Sept. 15, now includes details of more credential-stealing threats targeting web browser users. Newly published research has revealed how ...
Dark Reading

'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines

Malicious Python packages masquerading as legitimate code obfuscation tools are targeting developers via the PyPI code repository. Focusing on those interested in code obfuscation is a savvy choice ...
TechRepublic

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers Your email has been sent Learn how the Meduza Stealer malware works, what it targets and how to protect your company ...