Hacking Activity: Issue 01

Another exciting week in the world of hacking and threat actors!

🌟 Editor's Note

Welcome to the first issue of the Hacking Newsletter, where each week we collect, read and analyze cyber security threats and bring you a set of curated picks.
In this Issue:
- 🔥 Amazon Q supply chain attack 
- 🔥 PyPI num2words compromised and distributing malware
- 🔥 Tracking the Mimo threat actor's expansion
- 🛠️ Open source tool by Google to detect secrets
- 🛠️ Monitor MCP with eBPF

📦 Software Supply Chain Threats

A hacker successfully planted malicious code in Amazon's official Amazon Q extension for VS Code that could potentially wipe users' computers. A GitHub user named "lkmanka58" first opened hostile GitHub issues complaining that Amazon Q was "deceptive" and calling it "a donkey with a keyboard", then modified a backup file to include a malicious prompt injection. The injected prompt instructed the AI agent to wipe the user's computer along with their cloud accounts. Amazon released version 1.84.0 of the extension with the malicious code unknowingly included; after the code was discovered, Amazon reverted it and released a new version.

The popular num2words package has been compromised, most likely via a phishing attack against its author. The malicious release, v0.5.15, contains a Scavenger Loader DLL with nearly identical functionality to the one used in the eslint-config-prettier compromise on July 18th.
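Both incidents above come down to one question for a defender: does anything in my dependency set pin to, or float onto, a release that is now known to be bad? The Python below is an added example (it is not from the newsletter, the num2words project or the eslint-config-prettier maintainers) that scans a requirements.txt against a table of known-compromised releases. Only the num2words 0.5.15 entry comes from the text; the requirements file it parses is a constructed sample, and the version comparison is deliberately simple (stdlib only, no `packaging` dependency).

```python
"""
Check a requirements.txt against a table of known-compromised releases.
Stdlib only; no network access.
"""
import re

# (package name, version) pairs known to be malicious.
# num2words 0.5.15 is the release named in the newsletter; extend this table
# from the advisories you trust.
KNOWN_BAD = {
    ("num2words", "0.5.15"),
}

# requirement line: name, optional [extras], then the specifier up to an
# environment marker (;) or a comment (#)
REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)"
)
SPEC_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([A-Za-z0-9.*+!-]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(v: str) -> tuple:
    """Crude release-segment comparison key; non-numeric segments compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_requirements(text: str):
    """Yield (normalized_name, [(operator, version), ...]) per requirement line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # skip blanks, pip options (-r, -e, --hash continuation lines) and URL/VCS requirements
        if not line or line.startswith(("-", "git+", "http://", "https://")):
            continue
        m = REQ_RE.match(line)
        if m:
            yield normalize(m.group("name")), SPEC_RE.findall(m.group("spec"))


def could_resolve(pins, bad: str) -> bool:
    """True if the version specifier still permits the bad version."""
    bk = version_key(bad)
    for op, v in pins:
        if op in ("==", "==="):
            if v.endswith(".*"):
                if not bad.startswith(v[:-1]):
                    return False
            elif v != bad:
                return False
        elif op == "!=" and v == bad:
            return False
        elif op == "<" and version_key(v) <= bk:
            return False
        elif op == "<=" and version_key(v) < bk:
            return False
        elif op == ">" and version_key(v) >= bk:
            return False
        elif op == ">=" and version_key(v) > bk:
            return False
        # '~=' is only a lower bound plus a prefix; treated conservatively as reachable
    return True


def check_requirements(text: str, known_bad=KNOWN_BAD):
    """Return (name, bad_version, reason) for every requirement that can pull in a bad release."""
    bad_by_pkg = {}
    for pkg, ver in known_bad:
        bad_by_pkg.setdefault(normalize(pkg), set()).add(ver)
    findings = []
    for name, pins in parse_requirements(text):
        for bad in sorted(bad_by_pkg.get(name, ())):
            if not could_resolve(pins, bad):
                continue
            exact = any(op in ("==", "===") and v == bad for op, v in pins)
            reason = "pinned to compromised version" if exact else "specifier allows compromised version"
            findings.append((name, bad, reason))
    return findings


# Constructed sample input; not from a real project.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
num2words==0.5.15                              # pinned to the compromised release
Num2Words>=0.5.12 ; python_version >= "3.8"    # floating: pip may pick 0.5.15
num2words<0.5.15                               # upper bound excludes it
numpy>=1.26
"""

if __name__ == "__main__":
    for name, bad, reason in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name} {bad}: {reason}")
```

Point `check_requirements` at your own file with `check_requirements(open("requirements.txt").read())`. A floating specifier is the interesting case: nothing in the file is wrong today, but the next `pip install` can pull the malicious release. Pinning exact versions together with pip's `--require-hashes` mode closes that window, because a newly published artifact will not match the recorded hash.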

🔥 Threat Actors News

Full disclosure: I work at Datadog and Ryan, Greg and Matt are my colleagues.

Datadog's security research team identified a new campaign attributed to the Mimo threat actor (also tracked as Mimolette). What is interesting about this campaign is that it targets Magento CMS and Docker environments, which indicates that the group is evolving its tactics and techniques, deploying tools such as gsocket and the alamdar.so rootkit. In addition to the Magento targeting, the team identified a variant of Mimo's malware aimed at misconfigured Docker instances, a new target for the group as far as we know.
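As an added example (not Datadog's tooling and not from the newsletter), the following Python implements two host-side triage checks suggested by the campaign: flagging unexpected preloaded shared objects, on the assumption that a rootkit such as alamdar.so is loaded through /etc/ld.so.preload or an LD_PRELOAD variable (the newsletter does not say how it is loaded), and spotting a Docker daemon listening on a network interface, which is the classic "misconfigured Docker instance". Each check is a pure function over captured text so it can be tested offline; the preload file contents, process environments and `ss -ltnp` output below are constructed samples.

```python
"""
Triage helpers: preloaded shared-object rootkits and network-exposed Docker daemons.
Pure functions over captured text; __main__ runs them against the live host.
"""
import glob
import os
import re
import subprocess

DOCKER_PORTS = {
    "2375": "plaintext Docker API, no authentication",
    "2376": "TLS Docker API; verify client certificate auth is enforced",
}
LOOPBACK = {"127.0.0.1", "[::1]", "::1", "localhost"}


def parse_ld_so_preload(text: str) -> list[str]:
    """/etc/ld.so.preload holds whitespace-separated library paths; '#' starts a comment."""
    libs = []
    for line in text.splitlines():
        libs.extend(line.split("#", 1)[0].split())
    return libs


def preload_from_environ(blob: bytes) -> list[str]:
    """/proc/<pid>/environ is NUL-separated KEY=VALUE; return the LD_PRELOAD entries."""
    libs = []
    for entry in blob.split(b"\x00"):
        if entry.startswith(b"LD_PRELOAD="):
            value = entry[len(b"LD_PRELOAD="):].decode(errors="replace")
            libs.extend(p for p in re.split(r"[:\s]+", value) if p)
    return libs


def suspicious_preloads(preload_text: str, environs: dict, allowlist=frozenset()) -> list[tuple[str, str]]:
    """Return (source, library) for every preloaded library whose basename is not allowlisted."""
    findings = []
    for lib in parse_ld_so_preload(preload_text):
        if os.path.basename(lib) not in allowlist:
            findings.append(("/etc/ld.so.preload", lib))
    for pid, blob in sorted(environs.items()):
        for lib in preload_from_environ(blob):
            if os.path.basename(lib) not in allowlist:
                findings.append((f"pid {pid} LD_PRELOAD", lib))
    return findings


def exposed_docker_api(ss_output: str) -> list[tuple[str, str]]:
    """Parse `ss -ltnp` output; return (local address, note) for Docker API ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        local = fields[3]  # "Local Address:Port" column
        addr, _, port = local.rpartition(":")
        if port in DOCKER_PORTS and addr not in LOOPBACK:
            findings.append((local, DOCKER_PORTS[port]))
    return findings


# Constructed samples: paths, PIDs and socket table are invented for the demo.
SAMPLE_LD_SO_PRELOAD = "/usr/lib/libfakeroot.so   # legitimate on this host\n/usr/local/lib/alamdar.so\n"
SAMPLE_ENVIRONS = {
    1: b"PATH=/usr/sbin:/usr/bin\x00HOME=/\x00",
    4242: b"PATH=/usr/bin\x00LD_PRELOAD=/tmp/.x/alamdar.so\x00HOME=/root\x00",
}
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:2375      0.0.0.0:*         users:(("dockerd",pid=812,fd=9))
LISTEN 0      128    127.0.0.1:5432    0.0.0.0:*         users:(("postgres",pid=900,fd=5))
LISTEN 0      4096   [::]:22           [::]:*            users:(("sshd",pid=700,fd=3))
"""


def collect_live():
    """Read /etc/ld.so.preload and every readable /proc/<pid>/environ on this host."""
    preload = ""
    try:
        with open("/etc/ld.so.preload") as f:
            preload = f.read()
    except FileNotFoundError:
        pass
    environs = {}
    for path in glob.glob("/proc/[0-9]*/environ"):
        try:
            with open(path, "rb") as f:
                environs[int(path.split("/")[2])] = f.read()
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # other users' processes need root to read
    return preload, environs


if __name__ == "__main__":
    preload, environs = collect_live()
    for source, lib in suspicious_preloads(preload, environs):
        print(f"preload: {source}: {lib}")
    ss = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True)
    for local, note in exposed_docker_api(ss.stdout):
        print(f"docker: {local}: {note}")
```

Run it as root so every process environment is readable, and seed `allowlist` with the basenames of libraries your fleet legitimately preloads; anything else in /etc/ld.so.preload is worth pulling for analysis, since an LD_PRELOAD rootkit can hide its own processes and files from userland tools that link against libc. For the Docker check, a daemon bound to 0.0.0.0:2375 is remote root on the host for anyone who can reach it.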

🛠️ Open Source Tools

Yet another secret scanning tool has been released, this time from Google. It ships as a module of their popular open source SCA library https://github.com/google/osv-scalibr, but it is designed to work standalone too. It currently supports GCP API keys, GCP service account keys and RubyGems API keys, so at first glance coverage looks thin; we will see in the coming months whether it catches up with the popular secret scanners.

An interesting approach to monitoring MCP (Model Context Protocol) communication at the kernel level using eBPF. The tool provides visibility into MCP traffic, which opens the door to several use cases: debugging, performance analysis and, of course, security analysis.

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

Thanks for reading!