The Water Curse group, a recently identified threat actor, has been using GitHub as a platform to deliver weaponized repositories. The group's portfolio is diversified, spanning malware, evasion utilities, game cheats, cryptocurrency tools, and more, and its operations show signs of stealth, automation, and scalability. Its tooling disables security features, gathers system information, steals sensitive data, and establishes command and control via Telegram. The campaign underscores the need for robust managed detection and response (MDR) in modern security operations.

Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data
A sophisticated malware campaign targets the Python Package Index (PyPI) with a malicious package, “chimera-sandbox-extensions,” designed to steal sensitive corporate credentials. This supply chain attack