
New Video from @_JohnHammond Discusses Sophisticated Malware Attacks on Software Dependencies and Game Mods
In this video, John Hammond interviews Josh Reynolds and Cedric, alias Humpty, from Invoke RE, to discuss a series of malware attacks targeting software dependencies and video game mods. The in-depth analysis reveals sophisticated techniques used by cybercriminals to compromise developer accounts and inject malicious software into popular packages.
One of the key points of the discussion is the attack on the npm package "eslint-config-prettier," which was compromised to distribute malware. The attackers used a phishing technique to obtain an npm token, allowing them to publish malicious versions of the package. This attack was discovered through community reports and analyses of suspicious files on platforms like VirusTotal and Joe Sandbox.
The experts also discussed how the attackers' techniques have evolved. For example, the malware now includes a loader that downloads and executes additional modules only if certain target software is installed on the victim's machine. These modules target cryptocurrency wallets like Exodus and Electrum, as well as Chromium browser extensions.
Josh Reynolds demonstrated the use of Binary Ninja to analyze malicious binaries. He showed how attackers use obfuscation techniques to hide important strings and functions. Using custom scripts, Josh was able to deobfuscate these strings and reveal the attackers' intentions, such as stealing passphrases and cryptocurrency wallet seeds.
Cedric emphasized the importance of developer account security and the build processes for dependencies. He mentioned that some companies use fingerprinting techniques to ensure that build processes remain consistent and secure. He also discussed measures that developers can take to protect their accounts, such as using multi-factor authentication (MFA) and password keys.
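One way to fingerprint the dependency inputs of a build, as an added example (not code from the video or from Invoke RE): it hashes the entries of an npm `package-lock.json` and reports drift between a trusted baseline and the current build. The summary does not say how those companies fingerprint builds, so the lockfile v2/v3 `packages` layout is an assumption here; the lockfile contents, versions and integrity strings are constructed, and `example-lib` is a hypothetical package.

```javascript
const crypto = require('node:crypto');

// Flatten a parsed lockfile into { path: { version, resolved, integrity } }.
function lockEntries(lock) {
  const out = {};
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    out[path] = { version: meta.version, resolved: meta.resolved, integrity: meta.integrity };
  }
  return out;
}

// Stable SHA-256 over the sorted entries, independent of key order in the file.
function fingerprint(lock) {
  const entries = lockEntries(lock);
  const h = crypto.createHash('sha256');
  for (const path of Object.keys(entries).sort()) {
    const e = entries[path];
    h.update(JSON.stringify([path, e.version, e.resolved, e.integrity]) + '\n');
  }
  return h.digest('hex');
}

// Explain a fingerprint mismatch: what changed between baseline and current.
function diffLocks(baseline, current) {
  const a = lockEntries(baseline), b = lockEntries(current), findings = [];
  for (const path of new Set([...Object.keys(a), ...Object.keys(b)])) {
    const x = a[path], y = b[path];
    if (!x) findings.push({ path, kind: 'added', to: y.version });
    else if (!y) findings.push({ path, kind: 'removed', from: x.version });
    else if (x.version !== y.version) findings.push({ path, kind: 'version-changed', from: x.version, to: y.version });
    // Same version, different tarball hash or source: needs review before the build proceeds.
    else if (x.integrity !== y.integrity) findings.push({ path, kind: 'integrity-changed', version: x.version });
    else if (x.resolved !== y.resolved) findings.push({ path, kind: 'source-changed', version: x.version });
  }
  return findings.sort((p, q) => p.path.localeCompare(q.path));
}

// Constructed sample lockfiles (placeholder versions and integrity values).
const entry = (name, version, integrity) => ({
  version, integrity, resolved: `https://registry.npmjs.org/${name}/-/${name}-${version}.tgz`,
});
const BASELINE = { packages: { '': { name: 'demo-app' },
  'node_modules/eslint-config-prettier': entry('eslint-config-prettier', '0.0.1', 'sha512-CONSTRUCTED-A'),
  'node_modules/example-lib': entry('example-lib', '1.0.0', 'sha512-CONSTRUCTED-B') } };
const CURRENT = { packages: { '': { name: 'demo-app' },
  'node_modules/example-lib': entry('example-lib', '1.0.0', 'sha512-CONSTRUCTED-C'),
  'node_modules/eslint-config-prettier': entry('eslint-config-prettier', '0.0.2', 'sha512-CONSTRUCTED-D') } };
console.log(fingerprint(BASELINE) === fingerprint(CURRENT), diffLocks(BASELINE, CURRENT));
```

In CI, a fingerprint that differs from the recorded baseline would fail the build until the listed changes are reviewed and the baseline is updated deliberately.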
The video highlights the complex challenges of securing software supply chains and video game mods. Attackers are using increasingly sophisticated techniques to compromise accounts and distribute malware, putting millions of users at risk. The experts recommend that developers and users remain vigilant and take proactive measures to secure their environments.
In conclusion, this video provides an in-depth analysis of the malware techniques used in recent attacks and offers practical advice for improving the security of software supply chains. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=wFBdeak0t70