
New Hak5 Video: Threatwire Explores Current Cybersecurity Threats
In this new video from the @hak5 channel, Ali Diamond presents Threatwire, a show that explores current cybersecurity threats. This episode covers crypto drainer attacks, info stealer malware, and software supply chain attacks.

The first topic covers a particularly heinous attack. A Twitch streamer, Rosttoand, was raising funds live for his stage 4 cancer treatments. A viewer encouraged him to download a verified game on Steam in exchange for payment. The game, Block Blasters, was well-rated and free. However, an update on August 30 added a crypto drainer component, which stole over $30,000 from Rosttoand that was meant for his medical treatments. This type of malware collects Steam login information and uploads it to a C2 server, acting as needed. This is not the first time Steam games have been affected by crypto stealers; several similar incidents have been reported this year.

Another topic is the return of the Atomic Info Stealer malware, this time deployed via malicious GitHub repositories optimized for search ranking. The LastPass security team published an article explaining how macOS users are targeted through malicious download links. Attackers use GitHub repositories to host malicious versions of popular software like LastPass, Notion, and Dropbox. When victims visit these repositories, they are redirected to a GitHub page with instructions to run a bash script that downloads the Atomic Info Stealer malware. This kind of SEO-driven attack is a recurring problem for search engines like Google.

The video also updates the story of the Shai-Hulud worm, which wreaked havoc in the npm ecosystem. Researchers at Socket discovered that nearly 700 public GitHub repositories were created following the naming conventions the worm uses to exfiltrate secrets. They also confirmed that 526 packages were infected, including 17 CrowdStrike packages. This attack surpassed the previous one that affected the Qix npm packages, highlighting the growing severity of software supply chain attacks.

The practical implications are clear: it is crucial to verify URLs and educate users about the risks of free downloads. Software supply chain attacks are increasingly recognized as a serious threat by maintainers and open-source teams worldwide.

To learn more and follow updates, watch the full video at: https://www.youtube.com/watch?v=CThsLuUYsE4