Tag

Credential Stealer

All articles tagged with #credential stealer

Git tag hijack turns Laravel Lang releases into credential-stealing malware
security · 3 days ago

Attackers rewrote GitHub release tags across four Laravel Lang repositories to point to malicious commits, introducing a dropper in src/helpers.php that downloads a cross-platform credential stealer from flipboxstudio.info. The malware harvests cloud credentials, tokens, SSH keys, and more, with a Windows payload that drops a base64-encoded executable (DebugElevator) to steal browser data and encryption keys. Packagist removed the malicious versions; developers should audit installed versions, rotate credentials, scan for indicators of compromise, and watch for outbound connections to flipboxstudio.info.

"Rising Threat: Magnet Goblin Exploits 1-Day Vulnerabilities to Install Linux Malware"
cybersecurity · 2 years ago

Researchers have discovered a previously unseen Linux variant of the NerbianRAT malware, which has been circulating for at least two years and is installed through the exploitation of recently patched vulnerabilities. The malware, attributed to the threat actor Magnet Goblin, is used to steal credentials and has been deployed through 1-day vulnerabilities in various software, including Ivanti Secure Connect, Magento, and Qlik Sense. Check Point Research also identified a smaller version of the malware, MiniNerbian, used for backdooring servers running the Magento ecommerce platform. The Linux version of NerbianRAT lacks protective measures and has been observed stealing VPN credentials and connecting to attacker-controlled IPs.