Joined March 2011
Pinned Tweet
4 Mar 2025
The last few months I have had so much fun rapidly prototyping personal and @permisosecurity projects. I treat every weekend as a hackathon. Using @cursor_ai has been a game changer for me to be able to crank out fast and mostly polished POCs. Today, I'm gonna showcase some of these!
1aN0rmus retweeted
NPM Malware >
- Obfuscated postinstall hook (.prepare.cjs) uses char-code arrays to hide sensitive variable names
- Credential harvesting targeting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, GITHUB_TOKEN, NPM_TOKEN
- Exfiltration endpoint at open[.larksuite[.com (Feishu bot webhook) acts as C2
- Explicit sandbox evasion logic checking for SANDYCLAW, OPENCLAW, PERMISO, CHAINRADAR env
https[://www[.npmjs[.com/package/ash-claw/v/1.7.13
https[://sandyclaw[.permiso[.io/shared/5PVyO_QI-Y0ENhwni99JtULn_f8oVSMpqWXiYktq5E4
@TekDefense 😂
1aN0rmus retweeted
🤩 We just wrapped up 2 days of my training Practical AI for Threat Intel in Sydney! It was packed and the class was fantastic! If you want to step up your skills and learn faster from our latest research, the next session will be hosted at @BlackHatEvents in August! blackhat.com/us-26/training/…
I think I should be flattered! First ITW package that specifically tries to evade SandyClaw (unsuccessfully) sandyclaw.permiso.io/shared/… Great find @KirkDerpca ! npmjs.com/package/visa-respo…
1aN0rmus retweeted
// CI/CD sandbox detection (prefix-based, catches all SandyClaw/OpenClaw/Permiso variants) 🤷‍♂️ sandyclaw.permiso.io/shared/… (Malicious) https[://www[.npmjs[.com/package/visa-response/v/1.4.4-beta?activeTab=code
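The two posts above (the ash-claw hook and the visa-response "CI/CD sandbox detection" comment) describe three behaviours that are easy to triage statically: char-code arrays that spell out variable names, lookups of credential-bearing environment variables, and a prefix-based check of environment-variable names to bail out inside an analysis sandbox. The script below is an added example written for this page, not code from the posts, from Permiso/SandyClaw, or from either package; the sample install script it scans is constructed in the same style and is not the real payload, and the credential and sandbox name lists are assumptions.

```javascript
// Added example (not from the posts, Permiso/SandyClaw, or the packages discussed):
// static triage of an npm install-time script for char-code obfuscation,
// credential harvesting from the environment, and prefix-based sandbox evasion.

// Constructed sample in the style the posts describe; NOT the real payload.
const SAMPLE_SCRIPT = `
const k = String.fromCharCode(65,87,83,95,65,67,67,69,83,83,95,75,69,89,95,73,68);
const s = [65,87,83,95,83,69,67,82,69,84,95,65,67,67,69,83,83,95,75,69,89].map(c => String.fromCharCode(c)).join('');
if (Object.keys(process.env).some(n => n.startsWith('SANDYCLAW') || n.startsWith('OPENCLAW') || n.startsWith('PERMISO'))) process.exit(0);
const loot = { a: process.env[k], b: process.env[s], g: process.env.GITHUB_TOKEN, n: process.env["NPM_TOKEN"] };
`;

// Assumed watch-list: env names whose presence in an install hook is a theft signal.
const CREDENTIAL_NAMES = new Set([
  'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN',
  'GITHUB_TOKEN', 'NPM_TOKEN', 'NODE_AUTH_TOKEN',
]);
// Assumed list of sandbox indicators the malware prefix-matches against.
const SANDBOX_PREFIXES = ['SANDYCLAW', 'OPENCLAW', 'PERMISO', 'CHAINRADAR'];

// Decode numeric arrays of 4+ printable char codes, whether passed straight to
// String.fromCharCode(...) or written as an array literal that is mapped later.
function decodeCharCodeArrays(src) {
  const re = /(?:fromCharCode\s*\(|\[)\s*(\d{1,3}(?:\s*,\s*\d{1,3}){3,})\s*[\])]/g;
  const decoded = [];
  for (const m of src.matchAll(re)) {
    const codes = m[1].split(',').map(n => parseInt(n, 10));
    if (codes.every(c => c >= 32 && c <= 126)) decoded.push(String.fromCharCode(...codes));
  }
  return decoded;
}

// Environment-variable names referenced directly: env.NAME or env["NAME"].
// Lookups through a variable (env[k]) are invisible here; the decoder covers them.
function directEnvNames(src) {
  const re = /\benv(?:\.([A-Za-z_$][\w$]*)|\[\s*(['"])([A-Za-z_]\w*)\2\s*\])/g;
  return [...src.matchAll(re)].map(m => m[1] || m[3]);
}

// String literals passed to startsWith(): the prefix-based sandbox check.
function startsWithLiterals(src) {
  const re = /startsWith\s*\(\s*(['"])([^'"]+)\1\s*\)/g;
  return [...src.matchAll(re)].map(m => m[2]);
}

function triage(src) {
  const decoded = decodeCharCodeArrays(src);
  // Decoded strings shaped like env-var names count as indirect env lookups.
  const envNames = new Set([
    ...directEnvNames(src),
    ...decoded.filter(s => /^[A-Z][A-Z0-9_]{2,}$/.test(s)),
  ]);
  const credentials = [...envNames]
    .filter(n => CREDENTIAL_NAMES.has(n) || /TOKEN|SECRET|PASSWORD|PRIVATE_KEY/.test(n))
    .sort();
  const sandboxPrefixes = startsWithLiterals(src)
    .filter(p => SANDBOX_PREFIXES.includes(p.toUpperCase()));
  // Weighting is an assumption: obfuscation alone is weak, theft or evasion is strong.
  const score = (decoded.length ? 1 : 0) + (credentials.length ? 2 : 0) + (sandboxPrefixes.length ? 2 : 0);
  const verdict = score >= 3 ? 'malicious' : score > 0 ? 'suspicious' : 'clean';
  return { decoded, envNames: [...envNames].sort(), credentials, sandboxPrefixes, verdict };
}

console.log(JSON.stringify(triage(SAMPLE_SCRIPT), null, 2));
```

Run it against the real `.prepare.cjs` or `postinstall` file pulled from the tarball (`npm pack <name>@<version>` then extract) rather than against the registry's rendered code view. The prefix check is worth keeping in mind from the other side as well: a sandbox that does not export any variable starting with its own name gives this evasion nothing to match, which is presumably why the posts note the evasion was unsuccessful.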
1aN0rmus retweeted
Great team over there 👇🏼
I’m hiring a sr principal threat researcher. When big things happen on the internet, you’ll lead the threat research to hunt across our vast telemetry & write the threat briefs. Senior role w/ strong comms & collab experience. jobs.paloaltonetworks.com/en…
1aN0rmus retweeted
🤓 This morning at @SLEUTHCON, I talked about how AI is being targeted and leveraged by cybercriminals. This goes beyond simply using models in their operations: attackers are also actively targeting AI environments themselves. That AI agent you trusted inside your organization is becoming a prime target because you don't know what it is doing while it is running. And attackers know it. 💀
1aN0rmus retweeted
NPM Malware > 3 Packages, all malicious, multiple versions.
"Security Research Honeypot" that wants to exfil your corp OneDrive
var hasCorpOneDrive = !!env.ONEDRIVECOMMERCIAL; 🤷‍♂️
46[.224.67.169:3000
https[://www[.npmjs[.com/~deathpoolxrs
Sandbox:
sendgrid-sdk@0.2.4: sandyclaw.permiso.io/package…
twilio-sdk@0.2.4: sandyclaw.permiso.io/package…
gpt-sdk@0.2.4: sandyclaw.permiso.io/package…
1aN0rmus retweeted
NPM Malware > Package itself is empty/benign but has a dependency listed in package.json to an external source... silently runs test.js, collects data and ships it off to housecall-ui[.w74ghp3dc2o7gmsqrl4b6itmvd14vslga[.oastify.com
https[://www[.npmjs[.com/package/housecall-ui
Sandbox: sandyclaw.permiso.io/shared/…
1aN0rmus retweeted
Are you sick of waiting for the next attack? Tired of standing by while adversaries take the initiative? Become a GTIG Disruption Engineer and help us change the way we do defense. google.com/about/careers/app…
1aN0rmus retweeted
🤓 On Friday I will have the honor to present the keynote at @SLEUTHCON! Come say hi if you are around!
1aN0rmus retweeted
Big thanks to @thecyberwire for covering our recent ChatGPhish research from @SecEagleAnd1 in their recent episode. "Ahmeti demonstrated how attackers could insert fraudulent account warnings and malicious links into otherwise legitimate summaries. He also showed that embedded QR codes could redirect victims from their desktops to attacker-controlled websites on mobile devices, potentially bypassing browser-based security protections. The vulnerability stems from ChatGPT treating untrusted external content as trusted input during summarization." thecyberwire.com/podcasts/da…
1aN0rmus retweeted
Replying to @mattpocockuk
Oh no, please. For the love of software supply chain security, please do not encourage this. We need to get rid of lifecycle scripts. Pretty please? 😭
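The housecall-ui post (a benign-looking package whose package.json pulls a dependency from an external source that then runs test.js) and the reply above about lifecycle scripts point at the same two manifest fields worth checking before anything is installed: the install-time script hooks and any dependency specifier that does not resolve through the registry. The following is an added example for this page, not code from the posts or from any of the packages named; the manifest it inspects is constructed, and its package names and URLs are placeholders.

```javascript
// Added example (not from the posts or the packages discussed): package.json
// triage for install-time lifecycle scripts and non-registry dependency sources.

// Constructed manifest; names and URLs are placeholders, not a real package.
const SAMPLE_MANIFEST = {
  name: 'example-ui',
  version: '1.0.0',
  scripts: { test: 'node test.js', postinstall: 'node test.js' },
  dependencies: {
    'left-pad': '^1.3.0',                                         // registry
    'helper-lib': 'github:someone/helper-lib',                    // git host
    'vendored-lib': 'https://example.invalid/vendored-lib-1.0.0.tgz', // remote tarball
    'local-lib': 'file:../local-lib',                             // local path
    'aliased-lib': 'npm:lodash@^4.17.0',                          // registry alias
  },
  devDependencies: { 'dev-tool': 'git+ssh://git@example.invalid/someone/dev-tool.git' },
};

// Hooks npm runs automatically as part of `npm install`, so code in them
// executes before anyone has a chance to read it.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepublish', 'preprepare', 'prepare', 'postprepare'];

// True when the specifier is served by the configured npm registry
// (a semver range, a dist-tag, or an npm: alias); false for git, URL,
// tarball, local-path and workspace sources.
function isRegistrySpec(spec) {
  const s = String(spec).trim();
  if (s === '' || s.startsWith('npm:')) return true;
  if (/^(git\+|git:|github:|gist:|bitbucket:|gitlab:|https?:|file:|link:|workspace:)/i.test(s)) return false;
  if (/\.(tgz|tar\.gz)$/i.test(s)) return false;
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return false; // user/repo GitHub shorthand
  return true;
}

function triageManifest(pkg) {
  const installScripts = Object.entries(pkg.scripts || {})
    .filter(([hook]) => INSTALL_HOOKS.includes(hook))
    .map(([hook, command]) => ({ hook, command }));
  const externalDeps = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!isRegistrySpec(spec)) externalDeps.push({ section, name, spec });
    }
  }
  return { installScripts, externalDeps };
}

console.log(JSON.stringify(triageManifest(SAMPLE_MANIFEST), null, 2));
```

A hit in `installScripts` means the command runs during installation; a hit in `externalDeps` means the code that ends up on disk is whatever the git host, URL or path serves at install time, not what the registry tarball for that name contains, which is how a package can look empty on npmjs.com and still execute something. The blunt control the reply asks for already exists on the client side: `npm install --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`, skips every hook in `INSTALL_HOOKS` for every package in the tree.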
logger-active@3.2.0
intquery@1.1.3 deploys logger-active@3.2.0 (RAT payload) as a dependency
Morning coffee complete, think it is time to get back to my real job :)
I love it when attackers capture their own keylogs, even better when they screenshot their own computer while testing their malware. Our attacker (bink) vibecoding their NPM malz with Cursor and Codex 5.3 ... More context in the previous thread. @ItsReallyNick, I think our Keylogs Chronicles book idea still has legs.