< ciso brief />

All news with #dependency confusion tag

11 articles

PyPI packages deliver ZiChatBot malware to Windows, Linux

🛡️ Kaspersky researchers found three malicious PyPI wheel packages — uuid32-utils, colorinal and termncolor — that covertly delivered a new malware family named ZiChatBot to Windows and Linux hosts. The packages drop platform-specific loaders (terminate.dll or terminate.so) that persist via a Registry autorun entry or a crontab and act as droppers for the main payload. ZiChatBot uses public Zulip REST APIs as its command-and-control channel, executes shellcode received from the service, and signals success by sending a heart emoji. The packages were uploaded in July 2025 and have been removed; organizations should audit dependencies, verify build environments, and monitor the published indicators.

Mitigating the Axios npm Supply Chain Compromise Guidance

⚠️ On March 31, 2026, Microsoft identified two malicious npm releases of Axios (1.14.1 and 0.30.4) that introduced a trojan via a fake dependency, plain-crypto-js@4.2.1, which executes in a post-install hook to fetch platform-specific RAT payloads. Microsoft attributes the infrastructure and compromise to Sapphire Sleet. Immediate controls include reverting to safe Axios versions, pinning dependencies, rotating secrets, and using Microsoft Defender protections.

IndonesianFoods: Large-scale npm spam campaign analysis

🚨 In mid-November, security researcher Paul McCarty flagged a vast spam campaign in the npm registry that injected tens of thousands of useless modules named after Indonesian dishes. The packages — about 86,000 at discovery — often appeared legitimate and used chains of dependencies; some contained self-replication logic to publish more modules and even tied into the TEA blockchain to harvest tokens. The campaign created dependency bloat, reputational risk, and the potential for future supply-chain abuse; Kaspersky recommends developer awareness training and container/dependency scanning with tools such as KASAP and specialized runtime protection.

GlassWorm Abuses Open VSX Extension Dependencies Campaign

🐛 Researchers at Socket say attackers are abusing dependency relationships in the Open VSX registry to deliver a loader linked to GlassWorm. Since Jan 31, 2026, Socket has identified at least 72 malicious listings that pose as developer utilities and later add dependencies to fetch payload extensions. By using VS Code features like extensionPack and extensionDependencies, threat actors turn trusted-looking extensions into transitive delivery vehicles during updates. Mitigations include auditing extension dependencies, monitoring updates, and restricting installs to trusted publishers.

GlassWorm Escalates via 72 Malicious Open VSX Extensions

🔒 Cybersecurity researchers have identified a significant escalation in the GlassWorm campaign, which has abused at least 72 extensions in the Open VSX registry to target developers, Socket reports. The actor leverages extensionPack and extensionDependencies to turn benign-looking extensions into transitive delivery vehicles that install malicious packages after trust is established. The malicious listings impersonated common developer tools and used heavier obfuscation, invisible Unicode characters, Solana transactions as dead drops, and rotating wallets to evade detection. Open VSX has removed the flagged extensions while vendors and researchers continue their analysis.

Malicious Rust Crates and AI Bot Steal Developer Secrets

🛡️ Cybersecurity researchers uncovered five malicious Rust crates on crates.io that posed as time utilities while exfiltrating .env files to attacker infrastructure. The packages—chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync—were published in late February and early March 2026 and used a lookalike domain to collect secrets. Affected users should assume possible compromise: rotate keys, audit CI workflows, and limit outbound access from build systems.

Malicious Go crypto module steals passwords, deploys Rekoobe

🔒 A malicious Go module, github.com/xinfeisoft/crypto, impersonating the legitimate golang.org/x/crypto mirror, was found to exfiltrate terminal-entered secrets and deliver a Linux backdoor. The injected backdoor hooks ssh/terminal/terminal.go so calls to ReadPassword() capture interactive passwords and send them to a remote endpoint, which responds with a shell script. That script appends an SSH key to /home/ubuntu/.ssh/authorized_keys, relaxes iptables defaults, and downloads two payloads—one that probes connectivity and contacts 154.84.63.184:443, and the other identified as the Rekoobe trojan. The Go security team has blocked the package, but researchers warn this low-effort impersonation pattern will likely be reused against other credential-edge libraries.

Git-based bypasses undermine NPM's Shai-Hulud defenses

🔒 Researchers from Koi Security disclosed a set of flaws, called PackageGate, that let attackers bypass post‑Shai‑Hulud protections by abusing Git-sourced dependencies. They found crafted configuration files (for example, a malicious .npmrc) can override the git binary path during install and enable code execution even when --ignore-scripts is set. Similar bypasses and lockfile integrity weaknesses affected pnpm, vlt and Bun; vendors patched those tools, but npm closed the report claiming the behavior "works as expected."

Legacy Python bootstrap scripts enable PyPI takeover risk

🔍 ReversingLabs discovered legacy bootstrap code in Python packages that fetches and executes an installer from the unclaimed domain python-distribute.org. The zc.buildout bootstrap.py pulls distribute_setup.py, and because the domain is for sale, an attacker could acquire it and serve malicious payloads. Packages including tornado and slapos.core still contain the script; it targets Python 2 and is not executed automatically during installation, but its presence increases the supply-chain attack surface if developers run it.

IndonesianFoods worm floods npm registry with spam packages

🔍 Security researchers have uncovered a large-scale, worm-like campaign targeting the npm registry. Dubbed IndonesianFoods, the operation has run for over two years and uses at least 11 npm accounts to publish tens of thousands of spam packages. Each package contains an auto.js or publishScript.js script that, when executed, forces packages public, randomizes versions and self-publishes in a loop. Endor Labs warns a single execution can produce ~12 packages per minute and the packages interlink as dependencies, creating exponential spread, registry strain and substantial supply-chain risk.

VS Code Marketplace Flaw Lets Deleted Extensions Be Reused

🔍 Researchers at ReversingLabs found a loophole in the Visual Studio Code Marketplace that permits threat actors to republish removed extensions under the same visible names. The new malicious package, ahbanC.shiba, mirrors earlier flagged extensions and acts as a downloader for a PowerShell payload that encrypts files in a folder named "testShiba" and demands a Shiba Inu token ransom. Investigation revealed that extension uniqueness is enforced by the combination of publisher and name, not the visible name alone, enabling attackers to reuse names once an extension is removed. Organizations should audit extension IDs, enforce whitelists, and run automated supply-chain scanning to reduce exposure.