Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a fully automated carding script targeting WooCommerce stores.

The malware is offered to affiliates in the form of an archive file package containing multiple components to facilitate reverse shell, local privilege escalation, and remote desktop access. It's also designed to establish communications with the threat actor, allowing them to remotely control the infected system through a command-and-control (C2) panel. Typically executed on victim systems using PowerShell, Ragnar Loader integrates a bevy of anti-analysis techniques to resist detection and obscure control flow logic.

Japanese information and communication technology (ICT) provider NTT Communications Corporation (NTT Com) has disclosed a data breach impacting nearly 18,000 corporate clients. The incident, the telecoms firm says, occurred on February 5, when an unnamed threat actor accessed its internal systems, including those hosting information on services provided to customer companies. NTT Com says it ...