Cyber Bites - 3rd January 2025 episode artwork

EPISODE · Jan 2, 2025 · 7 MIN

Cyber Bites - 3rd January 2025

from Cyber Bites · host Edwin Kwan

* Fake Stars Inflate Popularity of Malicious GitHub Repositories* Cybercriminals Exploit Chrome Web Store to Infect Millions of Users* Malicious Packages Found on Python Package Index and VSCode Marketplace* One Third of Adults Don't Know How to Erase Their Data from an Old Device* New Clickjacking Technique "DoubleClickjacking" Bypasses Security MeasuresFake Stars Inflate Popularity of Malicious GitHub Repositorieshttps://arxiv.org/pdf/2412.13459A new study reveals a significant problem with inauthentic "stars" being used to artificially inflate the popularity of scam and malware distribution repositories on GitHub. These fake stars mislead users into trusting malicious projects and potentially downloading malware.How Fake Stars Work* GitHub users can "star" repositories similar to liking them on social media platforms.* The number of stars is a key factor in how GitHub ranks repositories and recommends them to users.* Malicious actors create fake accounts or compromise existing ones to star malicious repositories, making them appear more popular and trustworthy.Impact of Fake Stars* Increased Reach for Malicious Projects: Fake stars help malicious repositories reach more unsuspecting users who may be tricked into downloading malware.* Eroded Trust in GitHub: The widespread use of fake stars undermines the overall trust and credibility of the GitHub platform.Researchers developed a tool called StarScout to analyze user activity and identify patterns indicative of fake stars. StarScout looks for signs of low user activity, bot-like behavior, and coordinated starring activity across multiple accounts.The study identified 4.5 million suspected fake stars across GitHub. These fake stars were associated with over 15,800 repositories and 278,000 user accounts. Recommendations for Users* Don't rely solely on the number of stars to judge a repository's legitimacy.* Carefully evaluate the repository's activity, documentation, code quality, and user contributions.* Be cautious when downloading software from GitHub, especially from repositories with few contributions or suspicious activity.This study highlights the importance of staying vigilant when using GitHub. By being aware of fake stars and other deceptive tactics, users can help protect themselves from malware and other online threats.Cybercriminals Exploit Chrome Web Store to Infect Millions of Usershttps://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-itA sophisticated cyberattack has compromised at least 35 Chrome browser extensions, potentially exposing over 2.6 million users to data theft and credential stealing.The campaign began with a phishing attack targeting a Cyberhaven employee, granting attackers access to their Chrome Web Store account. This allowed them to inject malicious code into the Cyberhaven extension, which was subsequently downloaded by numerous users.Further investigation revealed that this was not an isolated incident. Multiple other extensions, including popular tools for AI assistance, VPNs, and video recording, were also compromised, likely through similar phishing attacks.These malicious extensions collected user data, including cookies, access tokens, and potentially even sensitive financial information. Some extensions even contained code designed to steal Facebook login credentials.Attack like these highlights the growing threat of compromised browser extensions. As these extensions often have broad access to user data and browsing activity, they can be a significant entry point for cybercriminals.Users are advised to exercise caution when installing browser extensions, carefully vetting their source and checking for any suspicious activity. Developers are also urged to implement strong security measures to protect their accounts and prevent unauthorised access.This ongoing campaign underscores the importance of vigilant security practices in the ever-evolving threat landscape of online activity.Malicious Packages Found on Python Package Index and VSCode Marketplacehttps://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-codeCybersecurity researchers have discovered malicious packages uploaded to the Python Package Index (PyPI) and the Visual Studio Code Marketplace. These packages, disguised as legitimate tools for cryptocurrency development and productivity, were designed to steal sensitive information from developers' systems.The malicious PyPI packages, named "zebo" and "cometlogger," were downloaded hundreds of times before being removed. These packages contained code to steal keystrokes, capture screenshots, and exfiltrate sensitive data, including credentials from popular platforms like Discord, Steam, and Instagram.Similarly, researchers identified malicious VSCode extensions that targeted cryptocurrency developers and Zoom users. These extensions, often with names resembling legitimate tools, downloaded and executed malicious payloads.Typosquatting and Fake ReviewsAttackers employed typosquatting techniques, creating packages with names that closely resembled legitimate ones, such as "@typescript_eslinter/eslint" instead of "typescript-eslint." They also inflated download numbers and used fake reviews to make these malicious packages appear more trustworthy.Impact and Recommendations:This incident highlights the growing threat of supply chain attacks targeting software development ecosystems. Developers are urged to exercise extreme caution when downloading and installing packages from online repositories.Key recommendations include:* Thoroughly vetting all packages before installation.* Checking the source and reputation of the developer.* Regularly auditing development environments for potential threats.This incident serves as a stark reminder of the importance of maintaining a strong security posture throughout the entire software development lifecycle.One Third of Adults Don't Know How to Erase Their Data from an Old Devicehttps://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/12/14-million-people-don-t-know-how-to-erase-their-data-from-an-old-device/A new survey from the UK's Information Commissioner's Office (ICO) reveals that nearly a third of adults in the UK don't know how to properly wipe their old electronic devices before discarding them. This lack of awareness poses a significant risk to personal data security.The survey found that while 71% of respondents agree that wiping data from old devices is important, 24% find the process too difficult. Worryingly, 21% of young people (aged 18-34) believe wiping data is unnecessary, compared to just 4% of those over 55. This suggests a concerning lack of awareness among younger generations about the importance of data security.The ICO emphasizes the importance of securely erasing personal information before disposing of old devices to prevent data breaches and fraud. Simple methods like factory resets can effectively erase most personal data from mobile phones.With the holiday season approaching and many people expected to purchase new devices, the ICO urges individuals to prioritize data security and properly dispose of their old electronics.New Clickjacking Technique "DoubleClickjacking" Bypasses Security Measureshttps://www.paulosyibelo.com/2024/12/doubleclickjacking-what.htmlA new cyberattack technique dubbed "DoubleClickjacking" has been discovered, exploiting the timing between double-clicks to bypass existing clickjacking protections. This allows attackers to trick users into unknowingly granting permissions or performing actions on websites, potentially leading to account takeovers and data theft.DoubleClickjacking leverages the brief window between two mouse clicks to seamlessly redirect users to malicious pages while they interact with seemingly innocuous elements. This method can bypass common security measures like X-Frame-Options and SameSite cookies, which are designed to prevent clickjacking attacks.While this technique builds upon existing clickjacking methods, it introduces a new layer of complexity that requires a re-evaluation of current security measures. Researchers suggest that browser vendors should consider implementing new standards to specifically address this vulnerability.This disclosure follows the discovery of another clickjacking variant earlier this year, highlighting the ongoing evolution of cyberattack techniques and the need for continuous vigilance in online security. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Episode metadata supplied by the publisher feed · Published Jan 2, 2025

NOW PLAYING

Cyber Bites - 3rd January 2025

0:00 7:13

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

CISO Perspectives (public) N2K Networks This season on CISO Perspectives, host Kim Jones explores some of the challenges of leading through uncertainty. We explore the complexity of the changing nature of regulation and working with the federal government, the evolution of privacy and fraud, and how emerging technologies like AI and quantum computing are changing cyber. When you don’t know what questions to ask, you’re afraid to ask, or don’t know who to ask, CISO Perspectives provides the foundation for learning in this brave new world. Guardians Of Innocence Guardians Of Innocence Guardians of Innocence is a powerful and informative podcast designed to equip parents, teachers, and communities with the knowledge and tools needed to protect children from the growing threat of trafficking. Each episode dives deep into the tactics traffickers use to target vulnerable children—both online and in real life—and provides actionable advice on how to recognize the warning signs.Through expert interviews with cyber safety professionals, law enforcement, and survivors, we uncover the latest grooming methods, share real-world stories, and empower listeners to become vigilant guardians of innocence in their own families and communities.Guardians of Innocence is more than just a podcast; it’s a call to action to safeguard our children, raise awareness, and foster a united front against trafficking.Listen. Learn. Protect. Site Bites Carlton Gover Join host Carlton Gover (from A Life In Ruins podcast on the Archaeology Podcast Network) as he brings on a co-host for each season to discuss a single archaeological site. They'll dive into every aspect of a site over the course of the season. Every episode of the season will be released at the same time so you can binge on a quiet Sunday morning or listen when you can. The Cyber Sleuth Show Cyber Social Hub Step into the world of digital forensics, mobile forensics, OSINT, and cybersecurity with The Cyber Sleuth Show! Hosted by Kevin DeLong, this podcast dives deep into the ever-evolving landscape of digital investigations, featuring expert guests, cutting-edge tools, real-world case insights, and, of course, the occasional terrible dad joke.From law enforcement investigators and forensic analysts to OSINT specialists and cybersecurity pros, we uncover the latest trends, techniques, and challenges in the field—giving you the knowledge you need to find the truth behind digital incidents.🔍 Stay ahead of the curve. Stay informed. Stay sleuthing.📢 Join the community! Connect with fellow digital investigators for FREE at CyberSocialHub.com.🎥 Prefer video? Watch the podcast on YouTube: @CyberSocialHub.🚀 Subscribe now and sharpen your investigative skills!

Frequently Asked Questions

How long is this episode of Cyber Bites?

This episode is 7 minutes long.

When was this Cyber Bites episode published?

This episode was published on January 2, 2025.

What is this episode about?

* Fake Stars Inflate Popularity of Malicious GitHub Repositories* Cybercriminals Exploit Chrome Web Store to Infect Millions of Users* Malicious Packages Found on Python Package Index and VSCode Marketplace* One Third of Adults Don't Know How to...

Can I download this Cyber Bites episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!