Researchers have flagged a popular open source package, "SqzrFramework480," as potential industrial espionage malware. Uploaded to the NuGet open source repository on Jan. 24, the .NET dynamic link library (DLL) claims to manage graphical user interfaces (GUIs), machine vision libraries, and robotic movement settings, and is purportedly associated with Bozhon Precision Industry Technology Co., a Chinese manufacturer.

However, a method named "Init" within SqzrFramework480 has raised suspicion. It begins by pinging a remote IP address, which is concealed as a byte array. If the ping succeeds, it establishes a socket connection, captures screenshots from the host machine, and sends them to the concealed IP address.

While this behavior could be innocuous, certain factors cast doubt: the package's nondescript labels and its obfuscated handling of the IP address raise concerns, and it was uploaded by a NuGet account with minimal prior activity.

There is no conclusive evidence of malicious intent, but caution is advised. Users are urged to scrutinize packages before use, auditing them manually if possible or using automated scanning tools for verification. SqzrFramework480 remains available for download, so vigilance in software selection is crucial to mitigate potential risks.
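As an aid to the manual audit recommended above, here is an added example (not code from the package or from the researchers) that scans decompiled C# source for the combination described: an IPv4 address stored as a byte array, network calls, and screen capture. It assumes the DLL has already been decompiled to text; the function names, the sample sources, and the rule for what counts as suspicious are hypothetical.

```python
import re

# One byte literal: decimal (192) or hex (0xC0).
_OCT = r"(0[xX][0-9a-fA-F]{1,2}|\d{1,3})"
# A 4-element byte[] initializer, the shape an IPv4 address takes when
# stored as bytes instead of a readable string.
BYTE_IP = re.compile(
    r"new\s+byte\s*\[\s*\d*\s*\]\s*\{\s*" + r"\s*,\s*".join([_OCT] * 4) + r"\s*\}")

# Real .NET type/method names; treating the combination as suspicious is
# this example's assumption, not a published detection rule.
INDICATORS = {
    "ping": re.compile(r"\bPing\b"),
    "socket": re.compile(r"\b(?:Socket|TcpClient)\b"),
    "screen_capture": re.compile(r"\bCopyFromScreen\b"),
}

def find_byte_array_ips(source):
    """Return dotted-quad strings for every 4-byte array literal in source."""
    ips = []
    for m in BYTE_IP.finditer(source):
        octets = [int(t, 16) if t.lower().startswith("0x") else int(t) for t in m.groups()]
        if all(o <= 255 for o in octets):
            ips.append(".".join(map(str, octets)))
    return ips

def audit(source):
    """Flag source that pairs a byte-array IP with network use and screen capture."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(source))
    ips = find_byte_array_ips(source)
    network = "ping" in hits or "socket" in hits
    return {"hidden_ips": ips, "indicators": hits,
            "suspicious": bool(ips) and network and "screen_capture" in hits}

# Constructed sample (not the package's code); 192.0.2.10 is a documentation address.
SAMPLE = """
public void Init() {
    byte[] addr = new byte[] { 192, 0, 2, 10 };
    if (new Ping().Send(new IPAddress(addr)).Status == IPStatus.Success) {
        var s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        graphics.CopyFromScreen(0, 0, 0, 0, bounds.Size);
    }
}
"""
# Constructed benign sample: a 4-byte file header with no network or capture calls.
BENIGN = 'byte[] magic = new byte[] { 1, 2, 3, 4 }; File.WriteAllBytes(path, magic);'

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(BENIGN))
```

A hit is a prompt for manual review, not a verdict: legitimate remote-support or machine-vision code can combine the same calls.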