Svoboda Cybersecurity Brief June 09, 2025

New Supply Chain Malware Operation Targeting npm and PyPI

A supply chain attack has compromised over a dozen GlueStack-related packages in npm and PyPI, delivering malware capable of executing shell commands, stealing data, and persisting on infected systems. The malware, similar to a previously observed RAT, targets developers via widely downloaded packages, with some versions reaching nearly 1 million weekly downloads.

Impact: Potential data theft, cryptomining, and service disruption across global developer ecosystems.
Mitigation: Roll back to known-good package versions, revoke any tokens the compromised packages could have reached, and monitor build and developer hosts for suspicious activity.

Source: The Hacker News
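The "roll back to known-good versions" step above starts with finding out whether a project actually pins an affected release. The script below is an added example for this brief, not code from the brief or from the GlueStack project: it walks an npm package-lock.json (lockfile v1, v2 or v3) and a pinned requirements.txt and reports any entry whose version is on a blocklist. The blocklist, package names and lockfile contents are constructed placeholders; an operator would replace them with the package/version list from the advisory.

```python
"""Audit npm and PyPI lockfiles for known-compromised package versions.

Added example; not the brief's or GlueStack's code. BLOCKLIST and the
SAMPLE_* inputs are CONSTRUCTED placeholders for demonstration only.
"""
import json
import re
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str, str]  # (package, version, location in the file)

# CONSTRUCTED placeholder blocklist: ecosystem -> package -> bad versions.
BLOCKLIST: Dict[str, Dict[str, Set[str]]] = {
    "npm": {"@example-scope/example-pkg": {"1.2.3", "1.2.4"}},
    "pypi": {"example-pkg": {"0.9.0"}},
}


def normalize_pypi_name(name: str) -> str:
    """PEP 503 name normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _walk_v1(deps: dict, prefix: str, findings: List[Finding]) -> None:
    """Lockfile v1 nests transitive deps under each entry's 'dependencies'."""
    for name, entry in deps.items():
        version = entry.get("version", "")
        if version in BLOCKLIST["npm"].get(name, set()):
            findings.append((name, version, prefix + name))
        _walk_v1(entry.get("dependencies", {}), prefix + name + "/", findings)


def audit_npm_lock(lock_text: str) -> List[Finding]:
    """Report blocklisted (name, version) pairs in a package-lock.json."""
    lock = json.loads(lock_text)
    findings: List[Finding] = []
    if "packages" in lock:  # lockfile v2/v3: flat map keyed by install path
        for path, entry in lock["packages"].items():
            if not path:  # "" is the root project itself
                continue
            # Paths look like node_modules/a/node_modules/@scope/b; the package
            # name is whatever follows the last "node_modules/" (aliases carry
            # an explicit "name" field, which we prefer when present).
            name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
            version = entry.get("version", "")
            if version in BLOCKLIST["npm"].get(name, set()):
                findings.append((name, version, path))
    else:  # lockfile v1 only has the nested "dependencies" tree
        _walk_v1(lock.get("dependencies", {}), "", findings)
    return findings


_PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;]+)"
)


def audit_requirements(req_text: str) -> List[Finding]:
    """Report blocklisted pins ('name==version') in a requirements.txt."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(req_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        m = _PIN_RE.match(line)
        if not m:
            continue  # unpinned or non-requirement line; nothing to compare
        name, version = normalize_pypi_name(m.group(1)), m.group(2)
        if version in BLOCKLIST["pypi"].get(name, set()):
            findings.append((name, version, f"line {lineno}"))
    return findings


# CONSTRUCTED sample inputs (not real lockfiles).
SAMPLE_NPM_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@example-scope/example-pkg": {"version": "1.2.3"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/foo/node_modules/@example-scope/example-pkg": {"version": "1.1.0"},
    },
})
SAMPLE_REQUIREMENTS = """
requests==2.32.3
Example_Pkg==0.9.0  # pinned by mistake
safe-lib==1.0.0
example-pkg[cli]==0.8.0
"""

if __name__ == "__main__":
    for eco, hits in (("npm", audit_npm_lock(SAMPLE_NPM_LOCK)),
                      ("pypi", audit_requirements(SAMPLE_REQUIREMENTS))):
        for name, version, where in hits:
            print(f"[{eco}] {name}=={version} is blocklisted ({where})")
```

Matching on exact versions rather than ranges is deliberate: a supply-chain compromise usually affects specific published releases, and a range match would flag clean releases on either side. Once a hit is found, the same lockfile tells you which direct dependency pulled the package in, which is where the rollback pin belongs.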


New Mirai Botnet Exploiting TBK DVR Devices

A Mirai variant exploits CVE-2024-3721, a command injection flaw in TBK DVR-4104/DVR-4216 devices, to enlist them in DDoS botnets. The attack leverages a public PoC to execute shell commands via manipulated POST requests, with ~50,000 devices exposed globally.

Impact: Compromised devices can be used for DDoS attacks or proxy traffic.
Mitigation: Isolate vulnerable DVRs, apply patches if available, and restrict internet exposure.

Source: BleepingComputer


Malicious Browser Extensions Targeting Latin American Banks

Operation Phantom Enigma distributes malicious Chrome/Edge extensions via phishing emails, stealing banking credentials from Brazilian users. The campaign uses PowerShell scripts to disable UAC and deploy extensions, with 722 downloads across 70 companies.

Impact: Financial fraud via stolen authentication tokens and session hijacking.
Mitigation: Remove identified extensions, disable automatic extension installation, and educate users on phishing.

Source: The Hacker News


PyPI Credential-Stealing Package Posing as Instagram Tool

The PyPI package imad213 masquerades as an Instagram growth tool but harvests credentials, exfiltrating them to 10 bot services. A kill switch via a Netlify-hosted file allows attackers to control execution.

Impact: Credential theft and potential account takeover.
Mitigation: Avoid untrusted PyPI packages, revoke compromised credentials, and enable MFA.

Source: The Hacker News


Deportation of Australian Hacker “DR32” After Guilty Plea

Australian hacker David Kee Crees (“DR32”) faces deportation after pleading guilty to 14 counts of computer fraud and money laundering in the U.S. Despite causing significant damage, he received only time served and a $1,400 fine.

Source: DataBreaches.net
