GooglePlay reports latest F-Droid version of Aves Libre as potential malware
https://github.com/deckerst/aves/issues/1802
#HackerNews #GooglePlay #F-Droid #AvesLibre #malware #cybersecurity
Looks like blockchains have finally found a serious use case, just maybe not the one predicted/hoped for...
This article is about #Glassworm, the latest major exploit in JavaScript-land, targeting VSCode and using #Solana as command infrastructure and Google Calendar events as backup. It's full of novel attack techniques and as they say in the article themselves: "this is absolutely brilliant (and terrifying)". All in all, a different form of "creative coding"...
"The malware is hunting for credentials:
- NPM authentication tokens - to publish malicious packages
- GitHub tokens - to compromise repositories
- OpenVSX credentials - to inject more extensions
- Git credentials - to push malicious code
- 49 different cryptocurrency wallet extensions - targeting MetaMask, Phantom, Coinbase Wallet, and dozens more"
☣️ Browser Promising Privacy Protection Contains Malware-Like Features, Routes Traffic Through China - Slashdot
「 The researchers said the Universe Browser, which advertises itself as offering privacy protection, includes features similar to malware such as key logging and surreptitious connections 」
“GlassWorm isn't just another supply chain attack. It's using stealth techniques we've never seen before - invisible Unicode characters that make malicious code literally disappear from code editors. Combine that with blockchain-based C2 infra that can't be taken down, Google Calendar as a backup command server, and a full remote access trojan that turns every infected dev into a criminal proxy node.”
#technology #attack #security #cybersecurity #malware #vscode
⚠️ Hackers Abuse #Blockchain Smart Contracts to Spread #Malware via Infected #WordPress Sites
「 On Windows systems, the malicious command entails the execution of an HTML Application (HTA) file downloaded from a MediaFire URL, which then drops a PowerShell script to sidestep defenses, fetch the encrypted final payload from either GitHub or MediaFire, or their own infrastructure in some cases, and run the stealer directly in memory without writing the artifact to disk 」
https://thehackernews.com/2025/10/hackers-abuse-blockchain-smart.html
🇧🇷 New malware leverages WhatsApp to target Brazilian government and businesses
“Interestingly, the phishing message that contains the malicious file attachment requires users to open it on a desktop, suggesting that threat actors might be more interested in targeting enterprises rather than consumers,”
New “Shai-Hulud” cyberattack spreads like a worm and compromises 187 npm packages
🔗 https://tugatech.com.pt/t71903-novo-ciberataque-shai-hulud-propaga-se-como-um-verme-e-compromete-187-pacotes-npm
#API #ataque #cascata #CD #CI #ciberataque #Github #google #javascript #linkedin #malware #npm #phishing #riscos #segurança #servidor #software
There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.
I found an Ad of the same kind on Duck Duck Go, so it's not just Google.
The details of the attack are described in detail in this article.
BleepingComputer: AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
Part 1: https://leftarcode.com/posts/afd-reverse-engineering-part1/
Part 2: https://leftarcode.com/posts/afd-reverse-engineering-part2/
Part 3: https://leftarcode.com/posts/afd-reverse-engineering-part3/
Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/
REMINDER:
everything created by #techbros should be treated as #malware. i would treat the so-called open source version of the not-so Open AI as a classic trojan, wooden horse and otherwise:
https://arstechnica.com/ai/2025/08/openai-releases-its-first-open-source-models-since-2019/