Software downloaded 30,000 times from PyPI ransacked developers’ machines

Expect to see more of these “Frankenstein” malware packages, researchers warn.

Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday.

In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of security firm JFrog said they recently found eight packages in PyPI that carried out a range of malicious activity. Based on searches on https://pepy.tech, a site that provides download stats for Python packages, the researchers estimate the malicious packages were downloaded about 30,000 times.

Systemic threat

The discovery is the latest in a long line of attacks in recent years that abuse the receptivity of open source repositories, which millions of software developers rely on daily. Despite their crucial role, repositories often lack robust security and vetting controls, a weakness that has the potential to cause serious supply chain attacks when developers unknowingly infect themselves or fold malicious code into the software they publish.

New bank-fraud malware called Vultur infects thousands of devices

Screen sharing courtesy of VNC mirrors device screens to attacker-controlled servers.

Recently detected Android malware, some spread through the Google Play Store, uses a novel way to supercharge the harvesting of login credentials from more than 100 banking and cryptocurrency applications.

The malware, which researchers from Amsterdam-based security firm ThreatFabric are calling Vultur, is among—if not the—first Android threats to record a device screen whenever one of the targeted apps is opened. Vultur uses a real implementation of the VNC screen-sharing application to mirror the screen of the infected device to an attacker-controlled server, researchers with ThreatFabric said.

The next level

The typical modus operandi for Android-based bank-fraud malware is to superimpose a window on top of the login screen presented by a targeted app. The “overlay,” as such windows are usually called, appears identical to the user interface of the banking app, giving victims the impression they’re entering their credentials into a trusted piece of software. Attackers then harvest the credentials, enter them into the app running on a different device, and withdraw money.

Rocket Report: Ariane V returns after long layoff, Rocket Lab’s tough culture

“Pete told us that key contributors would be driving Ferraris to work in a year.”

China's iSpace releases renderings of a 1-, 2-, and 3-core Hyperbola-3 rocket. (credit: iSpace/Andrew Jones/Twitter)

Welcome to Edition 4.09 of the Rocket Report! I was certainly looking forward to the second launch of Boeing's Starliner spacecraft on Friday, and the Atlas V rocket was ready to go. Alas, serious problems with Russia's new space station module, Nauka, delayed the launch until next Tuesday.

As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

New Zealand publication investigates Rocket Lab work culture. Former employees of launch company Rocket Lab claim that behind its flashy public relations is a toxic culture of fear where people are pushed out of the business and punished for minor transgressions, BusinessDesk reports. The article asserts that founder Peter Beck is an inspirational leader but that his management style is more appropriate for a very small startup than a maturing aerospace company. Although Rocket Lab is based in the US, it operates a rocket assembly and launch site in New Zealand.
