An NPM and PyPI Malicious Campaign Targeting Windows Users

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Datadog Security Research has uncovered an ongoing supply chain attack targeting both the npm and PyPI package repositories, tracked as MUT-8694. This campaign uses malicious packages to deliver infostealer malware to Windows users, leveraging legitimate services like GitHub and repl.it for payload hosting. The threat actor employs typosquatting and targets developers, particularly those working with Roblox. Two main malware types are deployed: Blank Grabber and Skuld Stealer, both open-source projects with capabilities to steal credentials, crypto wallets, and other sensitive information. The campaign demonstrates sophistication in its multi-ecosystem approach and persistence, highlighting the growing risk to open-source package repositories.

OPENCTI LABELS:

infostealer, pypi, typosquatting, supply-chain, npm, roblox


Open in the NetmanageIT OpenCTI public instance using the link below.


NOTE: Use the public read-only username and password shown in the login page banner.

