
Latest news with #malware

Malicious packages are threatening software supply chains

Tahawul Tech

an hour ago

  • Business
  • Tahawul Tech


Kaspersky's Global Research and Analysis Team (GReAT) experts reported that by the end of 2024 a total of 14,000 malicious packages had been found in open-source projects, a 48% increase compared to the end of 2023. Kaspersky examined 42 million versions of open-source packages throughout 2024 in search of vulnerabilities.

Open-source software is software whose source code anyone can inspect, modify, and enhance. Popular open-source package ecosystems include GoMod, Maven, NuGet, npm, PyPI, and others. These are tools that power countless applications and help developers easily find, install, and manage pre-built code libraries, making it simpler to build software by reusing code others have written. Attackers take advantage of the popularity of these and other packages.

In March 2025, the Lazarus Group was reported to have deployed several malicious npm packages, which were downloaded multiple times before removal. These packages contained malware to steal credentials and cryptocurrency wallet data and to deploy backdoors, targeting developers' systems across Windows, macOS, and Linux. The attack leveraged GitHub repositories for added legitimacy, highlighting the group's sophisticated supply chain tactics. Kaspersky's GReAT also found other npm packages related to this attack. Malicious npm packages could have been integrated into web development, cryptocurrency platforms, and enterprise software, risking widespread data theft and financial losses.

In 2024, a sophisticated backdoor was discovered in XZ Utils versions 5.6.0 and 5.6.1, a widely used compression library in Linux distributions. Inserted by a trusted contributor, the malicious code targeted SSH servers, enabling remote command execution and threatening countless systems globally. Detected before widespread exploitation thanks to performance anomalies, the incident highlighted the dangers of supply chain attacks. XZ Utils is integral to operating systems, cloud servers, and IoT devices, making its compromise a threat to critical infrastructure and enterprise networks.

In 2024, Kaspersky's GReAT discovered that attackers had uploaded malicious Python packages such as chatgpt-python and chatgpt-wrapper to PyPI, mimicking legitimate tools for interacting with ChatGPT APIs. These packages, designed to steal credentials and deploy backdoors, capitalised on the popularity of AI development to trick developers into downloading them. They could have been used in AI development, chatbot integrations, and data analytics platforms, endangering sensitive AI workflows and user data.

'Open-source software is the backbone of many modern solutions, but its openness is being weaponised. The 50% rise in malicious packages by the end of 2024 shows attackers are actively embedding sophisticated backdoors and data stealers in popular packages, which millions rely on. Without rigorous vetting and real-time monitoring, a single compromised package can trigger a global breach. Organisations need to secure the supply chain before the next XZ Utils-level attack succeeds,' comments Dmitry Galov, Head of Research Centre for Russia and CIS at Kaspersky's Global Research and Analysis Team.

To stay safe, Kaspersky recommends:

  • Use a solution for monitoring the open-source components in use, in order to detect threats that might be hidden inside.
  • If you suspect that a threat actor may have gained access to your company's infrastructure, we recommend using the Kaspersky Compromise Assessment service to uncover any past or ongoing attacks.
  • Verify package maintainers: check the credibility of the maintainer or organization behind the package. Look for a consistent version history, documentation, and an active issue tracker.
  • Stay informed on emerging threats: subscribe to security bulletins and advisories related to the open-source ecosystem. The earlier you know about a threat, the faster you can respond.

Federal Communications Commission, TSA warn travelers of 'juice jacking' in airports

Yahoo

16 hours ago

  • Yahoo


ALABAMA (WHNT) — The Transportation Security Administration and the Federal Communications Commission are reminding airport travelers to be mindful of where they plug in their phones, as well as what WiFi they are using, while in an airport. The TSA took to social media to remind travelers that in this technology age, cybersecurity has never been more important. The FCC calls it 'juice jacking.'

'Hackers can install malware at USB ports (we've been told that's called 'juice/port jacking'). So, when you're at an airport, do not plug your phone directly into a USB port. Bring your TSA-compliant power brick or battery pack and plug in there,' TSA said.

'Malware installed through a corrupted USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can then use that information to access online accounts or sell it to other bad actors,' the FCC said.

Some FCC tips to avoid 'juice jacking' include:

  • Using AC power outlets can help you avoid any potential risks, so be sure to pack AC and car chargers and your own USB cables when traveling.
  • Carry an external battery.
  • Consider carrying a charging-only cable, which prevents data from being sent or received while charging, from a trusted supplier.
  • If you plug your device into a USB port and a prompt appears asking you to select 'share data,' 'trust this computer,' or 'charge only,' always select 'charge only.'

In addition, never make online purchases while on free airport WiFi. 'Do not ever enter any sensitive info while using unsecure WiFi,' the TSA said.

Microsoft takes down malware found on 394,000 Windows PCs

Fox News

18 hours ago

  • Business
  • Fox News


Infostealer malware has been on the rise recently, and that's evident from the billions of user records leaked online in the past year alone. This type of malware targets everything from your name, phone number and address to financial details and cryptocurrency. Leading the charge is the Lumma infostealer. I have been reporting on this malware since last year, and security researchers have called it one of the most dangerous infostealers, infecting millions. There have been countless incidents of Lumma targeting people's personal data (more on this later), but the good news is that Microsoft has taken it down. The Redmond-based company announced it has dismantled the Lumma Stealer malware operation with the help of law enforcement agencies around the world.

Microsoft confirmed that it has successfully taken down the Lumma Stealer malware network in collaboration with law enforcement agencies around the world. In a blog post, the company revealed that its Digital Crimes Unit had tracked infections on more than 394,000 Windows devices globally between March 16 and May 16. Lumma was a go-to tool for cybercriminals, often used to siphon sensitive information such as login credentials, credit card numbers, bank account details and cryptocurrency wallet data. The malware's reach and impact made it a favored choice among threat actors for financial theft and data breaches.

To disrupt the malware's operation, Microsoft obtained a court order from the U.S. District Court for the Northern District of Georgia, which allowed the company to take down key domains that supported Lumma's infrastructure. This was followed by the U.S. Department of Justice stepping in to seize control of Lumma's core command system and shut down marketplaces where the malware was being sold. International cooperation played a major role as well. Japan's cybercrime unit helped dismantle Lumma's locally hosted infrastructure, while Europol assisted in actions against hundreds of domains used in the operation. In total, over 1,300 domains were seized or redirected to Microsoft-managed sinkholes to prevent further damage. Microsoft says this takedown effort also included support from industry partners such as Cloudflare, Bitsight and Lumen, which helped dismantle the broader ecosystem that enabled Lumma to thrive.

Lumma is a Malware-as-a-Service (MaaS) offering that has been marketed and sold through underground forums since at least 2022. Over the years, its developers have released multiple versions to continually improve its capabilities. I first reported on Lumma in February 2024, when it was used by hackers to access Google accounts using expired cookies that contained login information. Lumma continued targeting users, with reports in October 2024 revealing it was impersonating human verification pages to trick Windows users into sharing sensitive information. The malware wasn't limited to Windows. In January 2024, security researchers found the infostealer malware was targeting 100 million Mac users, stealing browser credentials, cryptocurrency wallets and other personal data.

To protect yourself from the evolving threat of infostealer malware, which continues to target users through sophisticated social engineering tactics, consider taking these six essential security measures:

1. Be skeptical of CAPTCHA prompts: Legitimate CAPTCHA tests never require you to press Windows + R, copy commands or paste anything into PowerShell. If a website instructs you to do this, it's likely a scam. Close the page immediately and avoid interacting with it.

2. Don't click links from unverified emails and use strong antivirus software: Many infostealer attacks start with phishing emails that impersonate trusted services. Always verify the sender before clicking on links. If an email seems urgent or unexpected, go directly to the company's official website instead of clicking any links inside the email. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

3. Enable two-factor authentication: Enable two-factor authentication (2FA) whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

4. Keep devices updated: Regularly updating your operating system, browser and security software ensures you have the latest patches against known vulnerabilities. Cybercriminals exploit outdated systems, so enabling automatic updates is a simple but effective way to stay protected.

5. Monitor your accounts for suspicious activity and change your passwords: If you've interacted with a suspicious website, phishing email or fake login page, check your online accounts for any unusual activity. Look for unexpected login attempts, unauthorized password resets or financial transactions that you don't recognize. If anything seems off, change your passwords immediately and report the activity to the relevant service provider. Also, consider using a password manager to generate and store complex passwords.

6. Invest in a personal data removal service: Consider using a service that monitors your personal information and alerts you to potential breaches or unauthorized use of your data. These services can provide early warning signs of identity theft or other malicious activities resulting from infostealer malware or similar attacks. While no service promises to remove all your data from the internet, a removal service is useful if you want to continuously monitor and automate the removal of your information from hundreds of sites over a longer period of time.

Microsoft's takedown of the Lumma Stealer malware network is a major win in the fight against infostealers, which have fueled a surge in data breaches over the past year. Lumma had become a go-to tool for cybercriminals, targeting everything from browser credentials to crypto wallets across Windows and Mac systems. I've been tracking this malware since early 2024, and its ability to impersonate human verification pages and abuse expired cookies made it especially dangerous.

TSA Warns iPhone And Android Users—You Need This At Airport

Forbes

3 days ago

  • Health
  • Forbes


New airport warning for smartphone users

There is no subject that's more contentious in cyber security circles than so-called juice jacking. It generates fresh headlines most years, when one government agency or another issues a new alert ahead of the holidays. Stories are written and cyber eyebrows are raised — there are more stories than attacks. But still those stories come. And now a new warning suggests there may be a risk for travelers after all.

Juice jacking theoretically strikes when you plug your phone into a public charging cable or socket at an airport or hotel, and instead of it being a dumb charger, it's a computer behind the scenes extracting data from your device. This is very different from dangerously crafted attack cables that include a malicious payload in the cable itself.

The latest government warning (and headlines) comes courtesy of TSA. 'When you're at an airport, do not plug your phone directly into a USB port,' it says. 'Bring your TSA-compliant power brick or battery pack and plug in there.' This is because 'hackers can install malware at USB ports (we've been told that's called 'juice/port jacking').' TSA also warns smartphone users: 'don't use free public WiFi, especially if you're planning to make any online purchases. Do not ever enter any sensitive info while using unsecure WiFi.'

This public Wi-Fi hijacking threat is almost as contentious as juice jacking amongst cyber experts. TL;DR: while it compromises your location, any encrypted data flowing to or from your device from websites or apps should be safe. Your bigger risk is downloading an app from the malicious access point's splash page, filling in online forms, or being redirected to fraudulent login pages for Microsoft, Google or other accounts. The usual advice applies — use passkeys, don't log in through linked or popup windows but through the usual channels, and don't give away personal information. You should also be wary of which Wi-Fi hotspots you connect to — are they the real service from the hotel, airport or mall you're in, or cleverly named fakes?

As for juice jacking, there is now a nasty new twist to the existing narrative, which, while theoretical for now, could fuel attacks that actually work. A new research paper has introduced 'a novel family of USB-based attacks' called ChoiceJacking, which the researchers say 'is the first to bypass existing Juice Jacking mitigations.' The Austrian research team 'observed that these mitigations assume that an attacker cannot inject input events while establishing a data connection. However, we show that this assumption does not hold in practice. We present a platform-agnostic attack principle and three concrete attack techniques for Android and iOS that allow a malicious charger to autonomously spoof user input to enable its own data connection.'

This is more an issue for Android than iOS, but it's not something for most users to worry about. That said, if you think you might be the target for attacks or if you travel to higher risk parts of the world, I would strongly recommend not using public charging points without some form of data shield, or public WiFi without a VPN. You should also be wary of unlocking your device when it's plugged into anything you don't own and control. Interestingly, Google and Samsung have both been better at defending devices against USB data extraction, albeit this masks itself as an accessory. There are also new updates for both iOS and Android to reboot devices locked for more than 3 days, which also protects against physical cable attacks.

On ChoiceJacking, Kaspersky says 'both Apple and Google blocked these attack methods in iOS/iPadOS 18.4, and Android 15,' but 'unfortunately, on Android, the OS version alone doesn't guarantee your smartphone's safety… That's why Android users who have updated to Android 15 are advised to connect their smartphone to a known safe computer via a cable and check whether a password or biometric confirmation is required. If not — avoid public charging stations.'

Google warns of Facebook post you must NEVER click or you risk getting your passwords stolen & your texts spied on

The Sun

5 days ago

  • Business
  • The Sun


Google-owned threat hunters have warned Facebook users of a post that you must never click or you will risk getting your passwords stolen and your texts spied on. Thousands of malicious ads on Facebook and about 10 on LinkedIn have been identified since November 2024. A group of criminals tracked as UNC6032 is exploiting interest in AI video generators, and users need to be vigilant. They do so by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive information.

Fake AI Video Generator Tools

These ads directed viewers to more than 30 phony websites masquerading as legitimate AI video generator tools, including Luma AI, Canva Dream Lab, and Kling AI, falsely promising text- and image-to-video generation, The Register reports. If a user visits the fake website and clicks on the "Start Free Now" button, they're led through a bogus video-generation interface that mimics a real AI tool. After selecting an option and watching a fake loading bar, the site delivers a ZIP file containing malware that, once executed, backdoors the victim's device, logs keystrokes, and scans for password managers and digital wallets.

UNC6032, assessed by Mandiant and Google Threat Intelligence as having ties to Vietnam, has found success with this campaign. The malicious ads have reached more than two million users across Facebook and LinkedIn. Mandiant used both companies' Ad Library tools, designed to comply with the European Union's Digital Services Act (DSA), to identify the fake websites and the malicious ads' reach. Threat analysts Diana Ion, Rommel Joven, and Yash Gupta said: "Mandiant Threat Defense performed further analysis of a sample of over 120 malicious ads and, from the EU transparency section of the ads, their total reach for EU countries was over 2.3 million users." They note, however, that "reach does not equate to the number of victims." The 10 LinkedIn ads had a total impression estimate of 50,000 to 250,000, with the US accounting for the highest percentage of impressions. Facebook ads were published on both attacker-created pages and compromised accounts.

New ads are created daily

UNC6032 is "constantly" rotating the domains mentioned in the ads to avoid detection and account bans, while new ads are "created on a daily basis." A Meta spokesperson said the social media company doesn't know how many victims the campaign may have affected. "Meta removed the malicious ads, blocked the URLs, and took down accounts behind them — many before they were shared with us," the spokesperson told The Register. "Cyber criminals constantly evolve their tactics to evade detection and target many platforms at once, and that's why we collaborate with industry peers like Google to strengthen our collective defences to protect our users." Mandiant, in its report, does give Meta credit for its "collaborative and proactive threat hunting efforts in removing the identified malicious ads, domains, and accounts," and explained that a "significant portion" of these detections and removals began last year, prior to Mandiant alerting Meta about its investigation.

The malware is designed for information theft

All of the websites investigated served up the same payload: STARKVEIL, a malware dropper that deploys three different modular malware families designed for information theft, all capable of downloading plugins. The Mandiant team provides a deep dive into one particular attack that started with a Facebook ad for "Luma Dream AI Machine," mimicking a text-to-video AI tool called Luma AI but instead redirecting the user to an attacker-created website. After visitors to the phony website click the download button, they receive a ZIP archive containing a Rust-based malware dropper named STARKVEIL. When executed, it extracts its payloads and displays a fake error message to coax the user into running it a second time, completing the infection chain. It is alleged that, for a successful compromise, the executable needs to run twice: it drops its components during the first execution and then runs a launcher during the second.

Fake 'AI websites' pose a significant threat

One of the dropped malware families is GRIMPULL, a .NET-based downloader with anti-VM and anti-malware-analysis capabilities, which uses Tor for C2 server connections. Another is XWORM, also a .NET-based backdoor, with capabilities including keylogging, command execution, screen capture, and spreading to USB drives. The third is FROSTRIFT, a .NET backdoor loaded via DLL sideloading into a legitimate Windows process. This malware attempts to establish persistence on the compromised machine and checks for the existence of 48 browser extensions related to password managers, authenticators, and digital wallets. The Mandiant team wrote: "Although our investigation was limited in scope, we discovered that well-crafted fake 'AI websites' pose a significant threat to both organizations and individual users. These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad."
