Get the latest tech news
Cybercriminal Posed as 'Helpful' Stack Overflow User To Recommend Malware Hosted on PyPi
An anonytmous reader shared a recent report from BleepingComputer: Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware — answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware... "We further n...
An anonytmous reader shared a recent report from BleepingComputer: Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware — answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware... "We further noticed that a StackOverflow account 'EstAYA G' [was] exploiting the platform's community members seeking debugging help [ 1, 2, 3] by directing them to install this malicious package as a 'solution' to their issue even though the 'solution' is unrelated to the questions posted by developers," explained Sonatype researcher Ax Sharma in the Sonatype report. It also appears to search through documents for specific phrases and, if found, steal the data as well. All of this information is then sent back to the attacker, who can sell it on dark web markets or use it to breach further accounts owned by the victim.
Or read this on Slashdot