logo
episode-header-image
Jan 2025
24m 2s

Crypto client or cyber trap? [Research S...

N2K Networks
About this episode

Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information.

Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next
Yesterday
Julian Waits: Find a way to help society. [Serial Entrepreneur] [Career Notes]
Please enjoy this encore of Career Notes. Senior Vice President and Executive in Residence with Rapid7 and Chairman for Cyversity, Julian Waits, grew up in the era of the Justice League and Superman and it shaped his career. Julian always wanted to do something where he could fin ... Show More
11m 4s
Aug 23
Beyond the smoke screen. [Research Saturday]
This week, we are joined by Dr. Renée Burton, VP of Infoblox Threat Intel, who is discussing their work on VexTrio, a notorious traffic distribution system (TDS) involved in digital fraud. The VexTrio investigation uncovers a massive global ad fraud and scam operation powered by ... Show More
22m 22s
Aug 22
A free speech showdown.
The FTC warns one country’s “online safety” may be another’s “censorship.” A new bipartisan bill aims to reduce barriers to federal cyber jobs. MURKY PANDA targets government, technology, academia, legal, and professional services in North America. MITRE updates their hardware we ... Show More
31m 48s
Recommended Episodes
May 7
6 Year Old Sleeper Attack Uncovered, Fake Bank Draft Scam, and Signal Tool Breach
In this episode of Cybersecurity Today, host Jim Love delves into a range of alarming cyber incidents. A six-year sleeper supply chain attack has compromised thousands of e-commerce websites, exploiting vulnerabilities in Magento extensions from vendors Tigren, Meetanshi, and Mag ... Show More
8m 56s
May 24
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
LINKS: https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability: https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with A ... Show More
54m 36s
Jun 20
Severed Fingers and Wrench Attacks: A New Era in Crypto Crime
The most well-known cryptocurrency thefts involve online hacks or phishing attempts via text messages. But WSJ's Sam Schechner has been reporting on a new wave of violent crypto thefts: wrench attacks. Brutal physical attacks against the crypto elite are on the rise. Annie Minoff ... Show More
21m 4s
Jul 18
Cybersecurity Today: DNS Malware, SonicWall Backdoor, Military Breach, and BigONE Crypto Hack
In today's episode, host Jim Love covers recent cybersecurity threats, including malware hidden in DNS records, a custom backdoor targeting SonicWall SMA devices, the US military assuming a network compromise after Chinese hackers targeted VPNs and email servers, and a $27 millio ... Show More
9m 31s
Sep 2024
#67: "Introducing Crypto Unplugged's Alpha Insider and DataVision Analytics"
Send us a textIn Episode 67 of the Crypto Unplugged Podcast, Doc and Oz sit down to discuss a major evolution in the TheMarketsUnplugged journey: the decision to transition to a subscription-based website. After years of providing free crypto insights, Doc and Oz explain why they ... Show More
46m 6s
Feb 2021
SLP252 NVK Bitcoin Hardware Wallets vs Air Gapped Computers
NVK, CEO of CoinKite joins me on the show to talk about hardware wallets, air gapped computers and all kinds of useful security questions. This episode will help you learn about the kinds of attacks possible against air gapped computers and hardware wallets, as well as bring some ... Show More
1h 2m
Jul 28
Amazon AI Tool Hacked, Scattered Spider Attacks VMware, and Major Ransomware Takedown | Cybersecurity Today
In this episode of Cybersecurity Today, host David Shipley covers several key incidents impacting the cybersecurity landscape. Amazon's generative AI coding assistant 'Q' was compromised by a hacker who injected data-wiping code into the tool's GitHub repository. Scattered Spider ... Show More
11m 9s
Jul 21
NPM Linter Packages Hijacked, Microsoft's China Issue, and AI in Phishing Attacks: Cybersecurity Today:
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian CERT uncovers new phishing campaig ... Show More
17m 6s
Jan 2025
DeepSeek Security Failure: Cyber Security Today, Friday, January 31, 2025
Cybersecurity Today: DeepSeek AI's Data Breach, New API Threats, & Operation Talent In this episode of 'Cybersecurity Today,' host Jim Love delves into the recent security lapse by DeepSeek AI, highlighting the exposure of sensitive data through an open ClickHouse database. Learn ... Show More
9m 20s
Listen to millions of songs and podcasts on Anghami