expertmadman

joined 1 year ago
expertmadman@sh.itjust.works 24 points 1 year ago

We’re working on a third-party solution for this. Should have some updates that sandbox cargo builds shortly.

https://github.com/phylum-dev/birdcage

It’s a cross-platform sandbox that works on Linux via Landlock and macOS via Seatbelt. We’ve rolled this into our CLI (https://github.com/phylum-dev/cli) so you can do things like:

phylum  

For example for npm, which currently uses the sandbox:

phylum npm install

We’re adding this to cargo to similarly sandbox crate installations. Would love feedback and thoughts on our sandbox!

expertmadman@sh.itjust.works 5 points 1 year ago* (last edited 1 year ago)

I'm one of the co-founders @ Phylum. We have a history of reporting these attacks/malware to the appropriate organizations. We work closely with PyPI, NPM, GitHub, and others - and have reported thousands of malicious packages in the last few years. If you were following GitHub's recent security advisory, you can see a shout-out for some of our previous work. There are also public thanks from the Crates.io team for our efforts over on HN.

I say all this to assure you we didn't write or release this malware. It just wouldn't make sense, especially when these open-source ecosystems contain so much malware for us to hunt and report on already. Though I get the logic, we have seen other security companies do this - and called them out for it.

Our platform is free for developers and small teams (heck, I'll give anyone who asks for it a free pro account if you really need it). We've open-sourced our CLI and sandbox that limits access to network/disk/env during package installation. We're genuinely - really - trying to help make these ecosystems safer.

https://blog.phylum.io/sophisticated-highly-targeted-attacks-continue-to-plague-npm/

tl;dr several packages were recently published to npm that appear to be subtle command and control. Behaviors of the infrastructure seem to mimic those recently identified by Phylum as being nation state activity from North Korea.

 
 

They’re often supported by external resources, like China. There isn’t really a community inside of North Korea to draw from like you’d expect in some more established countries.

In this case the attackers are targeting technologists and convincing them to collaborate on a git repository somewhere. That git repo includes dependencies that are hosted on npm, and require a specific order of installation to trigger the malicious behavior.

When the unwitting dev installs the deps for the git repo, they receive the malicious payload as well.

Slackware was my first Linux distro