Dark Reading

Npm Package Hides Malware in Steganographic QR Codes

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.
Lehigh Valley Live

What does the word ‘obfuscate’ mean? If you’re feeling puzzled, here’s what to know

If clarity shines a light on something, obfuscating it is casting a shadow over it. The word “obfuscate” is cloaked in darkness, and often describes things that are shrouded in mystery, are ...
The Hacker News

New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code

VVS Stealer is a Python-based malware sold on Telegram that steals Discord tokens, browser data, and credentials using heavy ...
CSOonline

Google researchers detect first operational use of LLMs in active malware campaigns

Google’s Threat Intelligence Group reports that new malware strains use LLMs mid-execution to generate, rewrite, and obfuscate malicious code in real time. Threat actors are now actively deploying ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...