Bleeping Computer

PyPI package 'keep' mistakenly included a password stealer

PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to be containing a backdoor due to the presence of malicious 'request' dependency within some versions. For example, while most versions of ...
Threat Post

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. A credentials-stealing code bomb that uses legitimate password ...
TechRepublic

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers

New Malware Targets 97 Browser Variants, 76 Crypto Wallets & 19 Password Managers Your email has been sent Learn how the Meduza Stealer malware works, what it targets and how to protect your company ...
Threat Post

New Windows Trojan Steals Browser Credentials, Outlook Files

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims. Researchers have discovered a new information-stealing trojan, ...
Ars Technica

Mac users served info-stealer malware through Google ads

Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely ...