Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...
Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Dark Reading

W4SP Stealer Stings Python Developers in Supply Chain Attack

Attackers continue to create fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers' systems with the W4SP Stealer, a Trojan designed to steal ...
Bleeping Computer

Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware

Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware. Most of these contain obfuscated code that drops "W4SP" info-stealer on infected ...
Forbes

Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How

Update, Sept. 17, 2024: This story, originally published Sept. 15, now includes details of more credential-stealing threats targeting web browser users. Newly published research has revealed how ...
Dark Reading

'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines

Malicious Python packages masquerading as legitimate code obfuscation tools are targeting developers via the PyPI code repository. Focusing on those interested in code obfuscation is a savvy choice ...
Hosted on MSN

A clever new infostealer malware is able to easily bypass Google Chrome cookie encryption

Researchers discover Glove Stealer, a new infostealer It can bypass Google's cookie encryption mechanism, introduced last summer Glove Stealer can grab cookies, passwords, and information from add-ons ...