On October 30, 2023 Phylum’s automated risk detection platform alerted us to a strange publication to npm called puma-com. Upon investigation, we found a very convoluted attack chain that ultimately pulled a remote file, manipulated
On October 27, Phylum’s automated risk detection platform began alerting us to a series of suspicious publications on npm. Over the course of the following few days, we discovered a campaign involving at least 48
Phylum discovered two packages published to PyPI on October 28 that claim to be libraries for simplifying internationalization. The files were highly obfuscated and upon further inspection were found to contain malicious code designed to steal
Phylum specializes in identifying and mitigating software supply chain attacks, focusing on protecting developers against threats originating from open-source ecosystems. By meticulously monitoring and analyzing every package published in real-time across seven diverse ecosystems (i.e.
On October 6, 2023, Phylum’s automated risk detection platform alerted us to a suspicious publication on NuGet. After working through several layers of obfuscation we ultimately discovered that this package was delivering SeroXen RAT.
Background
