The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.

Since Russian troops invaded Ukraine more than three years ago, Russian technology companies and executives have been widely sanctioned for supporting the Kremlin. That includes Vladimir Kiriyenko, the son of one of Vladimir Putin’s top aides and the CEO of VK Group, which runs VK, Russia’s Facebook equivalent that has increasingly shifted towards the regime’s repressive positioning.

Now cybersecurity researchers are warning that a widely used piece of open source code—which is linked to Kiriyenko’s company and managed by Russian developers—may pose a “persistent” national security risk to the United States. The open source software (OSS), called easyjson, has been widely used by the US Department of Defense and “extensively” across software used in the finance, technology, and healthcare sectors, say researchers at security company Hunted Labs, which is behind the claims. The fear is that Russia could alter easyjson to steal data or otherwise be abused.

“You have this really critical package that’s basically a linchpin for the cloud native ecosystem, that’s maintained by a group of individuals based in Moscow belonging to an organization that has this suspicious history,” says Hayden Smith, a cofounder at Hunted Labs.

For decades, open source software has underpinned large swathes of the technology industry and the systems people rely on day to day. Open source technology allows anyone to see and modify code, helping to make improvements, detect security vulnerabilities, and apply independent scrutiny that’s absent from the closed tech of corporate giants. However, the fracturing of geopolitical norms and the specter of stealthy supply chain attacks has led to an increase in questions about risk levels of "foreign" code.

Easyjson is a code serialization tool for the Go programming language and is often used across the wider cloud ecosystem, being present in other open source software, according to Hunted Labs. The package is hosted on GitHub by a MailRu account, which is owned by VK after the mail company rebranded itself in 2021. The VK Group itself is not sanctioned. Easyjson has been available on Github since 2016, with most of its updates coming before 2020. Kiriyenko became the CEO of VK Group in December 2021 and was sanctioned in February 2022.

Hunted Labs’ analysis shared with WIRED shows the most active developers on the project in recent years have listed themselves as being based in Moscow. Smith says that Hunted Labs has not identified vulnerabilities in the easyjson code.

However, the link to the sanctioned CEO’s company, plus Russia’s aggressive state-backed cyberattacks, may increase potential risks, Smith says. Research from Hunted Labs details how code serialization tools could be abused by malicious hackers. “A Russian-controlled software package could be used as a ‘sleeper cell’ to cause serious harm to critical US infrastructure or for espionage and weaponized influence campaigns,” it says.

“Nation states take on a strategic positioning,” says George Barnes, a former deputy director at the National Security Agency, who spent 36 years at the NSA and now acts as a senior advisor and investor in Hunted Labs. Barnes says that hackers within Russia’s intelligence agencies could see easyjson as a potential opportunity for abuse in the future.

“It is totally efficient code. There’s no known vulnerability about it, hence no other company has identified anything wrong with it,” Barnes says. “Yet the people who actually own it are under the guise of VK, which is tight with the Kremlin,” he says. “If I’m sitting there in the GRU or the FSB and I’m looking at the laundry list of opportunities… this is perfect. It’s just lying there,” Barnes says, referencing Russia’s foreign military and domestic security agencies.

VK Group did not respond to WIRED’s request for comment about easyjson. The US Department of Defense did not respond to a request for comment about the inclusion of easyjson in its software setup.

“NSA does not have a comment to make on this specific software,” a spokesperson for the National Security Agency says. “The NSA Cybersecurity Collaboration Center does welcome tips from the private sector—when a tip is received, NSA triages the tip against our own insights to fully understand the threat and, if corroborated, share any relevant mitigations with the community.” A spokesperson for the US Cybersecurity and Infrastructure Security Agency, which has faced upheaval under the second Trump administration, says: “We are going to refer you back to Hunted Labs.”

GitHub, a code repository owned by Microsoft, says that while it will investigate issues and take action where its policies are broken, it is not aware of malicious code in easyjson and VK is not sanctioned itself. Other tech companies’ treatment of VK varies. After Britain sanctioned the leaders of Russian banks who own stakes in VK in September 2022, for example, Apple removed its social media app from its App Store.

Dan Lorenc, the CEO of supply chain security firm Chainguard, says that with easyjson, the connections to Russia are in “plain sight” and that there is a “slightly higher” cybersecurity risk than those of other software libraries. He adds that the red flags around other open source technology may not be so obvious.

“In the overall open source space, you don’t necessarily even know where people are most of the time,” Lorenc says, pointing out that many developers do not disclose their identity or locations online, and even if they do, it is not always possible to verify the details are correct. “The code is what we have to trust and the code and the systems that are used to build that code. People are important, but we’re just not in a world where we can push the trust down to the individuals,” Lorenc says.

As Russia’s full-scale invasion of Ukraine has unfolded, there has been increased scrutiny on the use of open source systems and the impact of sanctions upon entities involved in the development. In October last year, a Linux kernel maintainer removed 11 Russian developers who were involved in the open souce project, broadly citing sanctions as the reason for the change. Then in January this year, the Linux Foundation issued guidance covering how international sanctions can impact open source, saying developers should be cautious of who they interact with and the nature of interactions.

The shift in perceived risk is coupled with the threat of supply chain attacks. Last year, corporate developers and the open source world were rocked as a mysterious attacker known as Jia Tan stealthily installed a backdoor in the widely used XZ Utils software, after spending two years diligently updating it without any signs of trouble. The backdoor was only discovered by chance.

“Years ago, OSS was developed by small groups of trusted developers who were known to one another,” says Nancy Mead, a fellow of the Carnegie Mellon University Software Engineering Institute. “In that time frame, no one expected a trusted developer of being a hacker, and the relatively slower pace provided time for review. These days, with automatic release, incorporation of updates, and the wide usage of OSS, the old assumptions are no longer valid.”

Scott Hissam, a senior member of technical staff also from the Carnegie Software Engineering Institute, says there can often be consideration about how many maintainers and the number of organizations that work on an open source project, but there is currently not a “mass movement” to consider other details about OSS projects. “However, it is coming, and there are several activities that collect details about OSS projects, which OSS consumers can use to get more insight into OSS projects and their activities,” Hissam says, pointing to two examples.

Hunted Lab’s Smith says he is currently looking into the provenance of other open source projects and the risks that could come with them, including scrutinizing countries known to have carried out cyberattacks against US entities. He says he is not encouraging people to avoid open source software at all, more that risk considerations have shifted over time. “We’re telling you to just make really good risk informed decisions when you're trying to use open source,” he says. “Open source software is basically good until it's not.”

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages that can steal data, plant backdoors, and carry out other nefarious actions, newly published research shows.

The study, which used 16 of the most widely used large language models to generate 576,000 code samples, found that 440,000 of the package dependencies they contained were “hallucinated,” meaning they were nonexistent. Open source models hallucinated the most, with 21 percent of the dependencies linking to nonexistent libraries. A dependency is an essential code component that a separate piece of code requires to work properly. Dependencies save developers the hassle of rewriting code and are an essential part of the modern software supply chain.

****Package Hallucination Flashbacks****

These nonexistent dependencies represent a threat to the software supply chain by exacerbating so-called dependency confusion attacks. These attacks work by causing a software package to access the wrong component dependency, for instance by publishing a malicious package and giving it the same name as the legitimate one but with a later version stamp. Software that depends on the package will, in some cases, choose the malicious version rather than the legitimate one because the former appears to be more recent.

Also known as package confusion, this form of attack was first demonstrated in 2021 in a proof-of-concept exploit that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. It's one type of technique used in software supply-chain attacks, which aim to poison software at its very source in an attempt to infect all users downstream.

“Once the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting users,” Joseph Spracklen, a University of Texas at San Antonio PhD student and lead researcher, told Ars via email. “If a user trusts the LLM's output and installs the package without carefully verifying it, the attacker’s payload, hidden in the malicious package, would be executed on the user's system.”

In AI, hallucinations occur when an LLM produces outputs that are factually incorrect, nonsensical, or completely unrelated to the task it was assigned. Hallucinations have long dogged LLMs because they degrade their usefulness and trustworthiness and have proven vexingly difficult to predict and remedy. In a paper scheduled to be presented at the 2025 USENIX Security Symposium, they have dubbed the phenomenon “package hallucination.”

For the study, the researchers ran 30 tests, 16 in the Python programming language and 14 in JavaScript, that generated 19,200 code samples per test, for a total of 576,000 code samples. Of the 2.23 million package references contained in those samples, 440,445, or 19.7 percent, pointed to packages that didn’t exist. Among these 440,445 package hallucinations, 205,474 had unique package names.

One of the things that makes package hallucinations potentially useful in supply-chain attacks is that 43 percent of package hallucinations were repeated over 10 queries. “In addition,” the researchers wrote, “58 percent of the time, a hallucinated package is repeated more than once in 10 iterations, which shows that the majority of hallucinations are not simply random errors but a repeatable phenomenon that persists across multiple iterations. This is significant, because a persistent hallucination is more valuable for malicious actors looking to exploit this vulnerability and makes the hallucination attack vector a more viable threat.”

In other words, many package hallucinations aren’t random, one-off errors. Rather, specific names of nonexistent packages are repeated over and over. Attackers could seize on the pattern by identifying nonexistent packages that are repeatedly hallucinated. The attackers would then publish malware using those names and wait for them to be accessed by large numbers of developers.

The study uncovered disparities in the LLMs and programming languages that produced the most package hallucinations. The average percentage of package hallucinations produced by open source LLMs such as CodeLlama and DeepSeek was nearly 22 percent, compared with a little more than 5 percent by commercial models. Code written in Python resulted in fewer hallucinations than JavaScript code, with an average of almost 16 percent compared with a little over 21 percent for JavaScript. Asked what caused the differences, Spracklen wrote:

_“This is a difficult question because large language models are extraordinarily complex systems, making it hard to directly trace causality. That said, we observed a significant disparity between commercial models (such as the ChatGPT series) and open-source models, which is almost certainly attributable to the much larger parameter counts of the commercial variants. Most estimates suggest that ChatGPT models have at least 10 times more parameters than the open-source models we tested, though the exact architecture and training details remain proprietary. Interestingly, among open-source models, we did not find a clear link between model size and hallucination rate, likely because they all operate within a relatively smaller parameter range._

_“Beyond model size, differences in training data, fine-tuning, instruction training, and safety tuning all likely play a role in package hallucination rate. These processes are intended to improve model usability and reduce certain types of errors, but they may have unforeseen downstream effects on phenomena like package hallucination._

_“Similarly, the higher hallucination rate for JavaScript packages compared to Python is also difficult to attribute definitively. We speculate that it stems from the fact that JavaScript has roughly 10 times more packages in its ecosystem than Python, combined with a more complicated namespace. With a much larger and more complex package landscape, it becomes harder for models to accurately recall specific package names, leading to greater uncertainty in their internal predictions and, ultimately, a higher rate of hallucinated packages.”_

The findings are the latest to demonstrate the inherent untrustworthiness of LLM output. With Microsoft CTO Kevin Scott predicting that 95 percent of code will be AI-generated within five years, here’s hoping developers heed the message.

_This story originally appeared on_ _Ars Technica._

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

France accuses Russia’s APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign.…

France accuses Russia’s APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign. Learn about the GRU-linked attacks, tactics, and previous incidents like the TV5Monde hack.

France has accused the Russian state-backed hacking group APT28, linked to Russia’s military intelligence agency GRU (Russian General Staff Main Intelligence Directorate), of targeting or compromising a dozen French government and other organizations.

Active since at least 2004 under names like BlueDelta, Fancy Bear, Forest Blizzard, Sednit, and Sofacy; APT28 typically targets government, military, energy, and media in Europe and the US.

Now, a report by the French cybersecurity agency ANSSI has attributed recent attacks on French local government, administration, defence, aerospace, research, finance, and think-tank organizations to APT28.

APT28’s Targets in France since 2021 (Source: ANSSI)

These attacks, primarily aimed at governmental, diplomatic, and research entities in 2024, utilized phishing, vulnerability exploitation, and brute-force attacks for initial access, often relying on inexpensive, outsourced infrastructure.

This infrastructure, as per ANSSI’s report (PDF), includes rented servers, free hosting services, VPNs (Virtual Private Networks), and temporary email addresses. This approach provides flexibility and enhances their ability to remain undetected.  

ANSSI noted APT28’s targeting of Roundcube email servers to distribute the HeadLace backdoor, use of the OceanMap stealer, and phishing campaigns against UKR.NET and Yahoo users, employing compromised routers and other methods to conceal their infrastructure.

France’s Ministry for Europe and Foreign Affairs strongly condemned Russia’s use of APT28, highlighting past attacks on the 2024 Olympics, and attempted interference in the 2017 elections. They emphasized that such actions violate UN norms of responsible state behaviour in cyberspace and pledged to counter Russia’s malicious cyber activities.

“France condemns in the strongest terms the use by Russia’s military intelligence service of the APT28 attack group, at the origin of several cyber-attacks on French interests,” the French foreign ministry’s statement read.

****France Accused APT28 of Impersonating ISIS Hackers****

Hackread.com has been following the activities of APT28, with a previous report linking it to a 2015 cyberattack on TV5Monde. Initially, that attack was attributed to a group posing as ISIS/ISIL militants, known as “CyberCaliphate,” who claimed responsibility by posting pro-ISIS messages on the broadcaster’s social media and temporarily blacking out their global TV channel.

However, subsequent investigations revealed matching IP addresses and techniques used by APT28, leading French authorities and cybersecurity experts to suspect Russian government involvement.

A similar cyberattack targeted the BBC’s live transmission in April 2015. However, it remains unclear whether the British government linked the incident to APT28 or acknowledged its impersonation tactics.

Nevertheless, this pattern of targeted activity indicates APT28’s persistent threat to France and other nations. It also suggests efforts to gather strategic intelligence and influence public perception within French society.

From TV5Monde to Govt: France Blames Russia’s APT28 for Cyberattacks

WordPress sites are under threat from a deceptive anti-malware plugin. Learn how this malware grants backdoor access, hides…

WordPress sites are under threat from a deceptive anti-malware plugin. Learn how this malware grants backdoor access, hides itself, and even modifies core files like wp-cron.php for persistence. Stay protected.

Security researchers at Wordfence recently uncovered a tricky piece of malware targeting WordPress websites. This malicious software is designed to look like a genuine anti-malware plugin, often appearing in the file system with names such as ‘WP-antymalwary-bot.php’.

According to Wordfence Threat Intelligence Team’s technical blog post, this fake plugin contains several dangerous capabilities. Such as, it allows attackers to control an infected website, hide from the WordPress admin dashboard, and execute malicious code remotely. It also has a “pinging” function that sends information back to a C&C server, spreads into other directories, and injects harmful JavaScript, which is then used to display unwanted advertisements.

Further analysis revealed that the malware uses a check_plugin GET parameter for status checks and, more dangerously, an emergency_login GET parameter for immediate admin access by providing a password. It also uses the REST API for remote code execution via a POST request to execute_admin_command, enabling cache clearing or injecting PHP code into theme headers. The hide\_plugin\_from\_list function conceals it from the admin dashboard.

The malware often comes with a modified wp-cron.php file that can reactivate the plugin if removed, meaning even if the plugin file is deleted, the malicious code in wp-cron.php can reinstall it upon the next site visit, ensuring persistence.

An updated version reports to a C&C server (45.61.136.85) and differently handles code injection by fetching from a foreign ads.php file and injecting JavaScript into the header. It also stores ad server URLs, anticipating future use.

Initial infection likely occurs via wp-cron.php, possibly through compromised hosting or FTP credentials. The malware has been seen under names like WP-antymalwary-bot.php and addons.php.

According to the company’s blog post, the issue was discovered on January 22, 2025, during a website cleanup performed by a Wordfence security analyst after which a specific malware signature (a unique identifier for the malicious code) was released.

Since then, many new versions of this malware have emerged, but Wordfence confirms that their original signature from January is still effective at detecting them. To provide an extra layer of security, a firewall rule (a set of instructions to block malicious activity) was released on April 23, 2025, for Wordfence Premium, Care, and Response users, preventing the execution of the malware file. Free Wordfence users will receive this additional protection on May 23, 2025.

This WordPress malware, cleverly disguised as a security plugin, demonstrates the persistent and increasingly sophisticated threats targeting website owners. Its advanced persistence mechanism makes thorough cleanup crucial for affected websites. Lastly, website owners are strongly advised to stay informed about emerging threats, utilize reputable security plugins, and ensure timely updates to protect their sites effectively.

Sneaky WordPress Malware Disguised as Anti-Malware Plugin

China-linked hackers targeted Uyghur activists using a Trojanized UyghurEditPP app in a spear-phishing campaign, Citizen Lab researchers reveal.…

China-linked hackers targeted Uyghur activists using a Trojanized UyghurEditPP app in a spear-phishing campaign, Citizen Lab researchers reveal.

Citizen Lab reveals a targeted spear phishing campaign aimed at Uyghur activists, deploying surveillance malware disguised as a legitimate Uyghur language tool. Learn about the attack methods and suspected Chinese government involvement.

In March 2025, several leading figures within the World Uyghur Congress (WUC), an international organization based in Munich that advocates for the rights of the Uyghur people, became the targets of a carefully orchestrated cyber espionage attempt.

Researchers at the University of Toronto’s Citizen Lab report that these individuals received warnings from Google, indicating that their online accounts were under attack, allegedly, by state-sponsored actors. 

Google Alerts Sent to WUC (Source: The Citizen Lab)

The method used in this campaign was spear phishing, which is a targeted form of attack where emails are crafted to appear legitimate and trustworthy to specific individuals. In this case, the malicious emails impersonated a known contact from a partner organization of the WUC.

Phishing Email (Source: The Citizen Lab)

These emails contained links to Google Drive, which, if clicked, would lead to the download of a password-protected archive file. This archive held a compromised version of UyghurEditPP, a genuine open-source word processing and spell-check tool specifically designed for the Uyghur language.

The recipients had no idea that this seemingly harmless application was Trojanized, meaning it contained a hidden backdoor. Once the infected UyghurEditPP was executed on a victim’s computer, this backdoor would silently gather system information, including the machine name, username, IP address, operating system version, and a unique hash derived from the hardware. This data was then transmitted to a remote command-and-control (C2) server.

The server’s operators could then send instructions back to the infected device, enabling them to perform various malicious actions such as downloading files from the target, uploading additional malicious files (including further malware), and executing commands through uploaded plugins. 

The Citizen Lab’s analysis of the campaign’s infrastructure reveals two distinct command-and-control clusters. The first, likely active between June 2024 and February 2025, used domain names mimicking the UyghurEditPP tool’s developer (gheyretcom, gheyretnet, and uheyretcom).

The second, targeting the WUC between December 2024 and March 2025, used subdomains registered through Dynu Services, incorporating Uyghur words but not directly referencing the tool or its developer.

Both clusters shared the same Microsoft certificate and used IP addresses belonging to Choopa LLC, a hosting provider used by various cyber threat actors. This dual infrastructure either indicates attackers’ shifting tactics or targeting of different segments within the Uyghur community.

Furthermore, researchers highlighted the high level of social engineering in the delivery method of the surveillance malware, which itself was not as technologically advanced. The attackers demonstrated a deep understanding of the Uyghur community, leveraging the trust of the original developer of UyghurEditPP, known to members of the WUC.

This suggests a highly customized and targeted operation, possibly beginning in May 2024. The campaign likely involved (PDF) ties to the Chinese government, aligning with their known efforts to conduct transnational repression against the Uyghur community.

China Hackers Used Trojanized UyghurEditPP App to Target Uyghur Activists

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead.
WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…

A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how to check if your SAP Java systems are affected and the immediate steps to take.

A serious security vulnerability, identified as CVE-2025-31324, was discovered in SAP NetWeaver’s Visual Composer development server. This critical issue, scoring a perfect 10.0 in severity, stems from a missing check that should verify if a user has the correct permissions and is being actively exploited, reveals a report from Onapsis Threat Intelligence. 

Research reveals that the flaw is active on between 50% and 70% of existing SAP NetWeaver Application Server Java systems, even though it’s not automatically installed.

Reportedly, the vulnerability, first documented by ReliaQuest, exists in the “developmentserver” part of the SAP Visual Composer, a component of SAP NetWeaver 7.xx, designed to create business tools without writing code.

The problem occurs because the system doesn’t properly check if someone accessing the Metadata Uploader feature is actually allowed to do so. This lack of proper authentication and authorization allows unlogged users to access powerful functions.

On April 22nd, ReliaQuest observed suspicious activity on patched SAP NetWeaver servers, suggesting attackers might have been using a different, unknown vulnerability. On the same day, SAP acknowledged unusual files being found on SAP NetWeaver Java systems, as described in their knowledge base article SAP KBA 3593336. On April 24th, SAP released a FAQ document (SAP Note 3596125) confirming that files with extensions like ‘.jsp’, ‘.java’, or ‘.class’ found in specific folders like …\\irj\\root, …\\irj\\work, and …\\irj\\work\\sync are likely malicious. 

Finally, on April 24th, SAP officially announced CVE-2025-31324, clearly stating it was due to a “Missing Authorization check in SAP NetWeaver (Visual Composer development server)”. They confirmed that the root cause is a lack of proper permission checks, allowing unauthorized individuals to upload dangerous executable files and an out-of-band emergency NetWeaver update has been released.

This flaw, classified as a Missing Authorization issue (CWE-862) or Missing Authentication for Critical Function (CWE-306), poses a significant risk of system takeover if exploited, which is why it has earned the highest severity score.

It can be remotely exploited using standard web communication methods (HTTP/HTTPS). Security experts have observed that attackers are targeting a specific web address: /developmentserver/metadatauploader, by sending specially crafted requests and since no login or authentication is needed to carry out an attack, anyone, even without an account, could interact with the system’s vulnerable part and upload any file.

According to Onapsis’s blog post, malicious code files called webshells titled “helper.jsp” or “cache.jsp” are already being uploaded, allowing attackers to execute commands with high-level permissions as software administrators (<sid>adm) and obtaining full control over SAP resources.

> _“Threat actors have been observed uploading web shells to vulnerable systems. These webshells allow the threat actor to execute arbitrary commands in the system context, with the privileges of the adm Operating System user, giving them full access to all SAP Resources.”_
> 
> Juan Perez-Etchegoyen – CTO at Onapsis

SAP urges customers to promptly assess their risk by checking for Java systems, the presence and version of the VCFRAMEWORK component (especially if older than 7.5 or specifically 7.0 with a support package below 16), as the vulnerable component might not be present in basic Java stack or default Solution Manager installations. Implementing the official fix is the only solution to mitigate this risk.

Benjamin Harris, CEO of Attack Surface Management firm watchTowr, warned that unauthenticated attackers are actively exploiting a vulnerability in SAP NetWeaver to upload arbitrary files, leading to full system compromise.

“This isn’t theoretical, it’s happening now,” Harris said, noting that attackers are planting web shell backdoors to deepen their access. He urged immediate patching via SAP Security Note 3594142, emphasizing, “If you thought you had time, you don’t.” Harris added that watchTowr clients were alerted to exposures within 12 hours, thanks to the platform’s rapid detection capabilities.

SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells

In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States—and how to stay safe.

Protecting Your Phone—and Your Privacy—at the US Border

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update…

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update xrpl package to 4.2.5 or 2.14.3 immediately.

A serious security breach targeting users of the XRP Ledger has been uncovered by the Aikido Intel threat detection system. Aikido’s research reveals that it was a sophisticated supply chain attack that compromised the official xrpl Node Package Manager (NPM) package, a widely utilized software development kit (SDK) for interacting with the XRP Ledger.

This malicious infiltration resulted in the introduction of a backdoor designed to steal users’ private keys, granting attackers complete control over their cryptocurrency wallets. Suspicion was raised on April 21st at 20:53 GMT+0 when five newly released versions of the xrpl package on NPM, which has over 140,000 weekly downloads, contained malicious code that did not align with the official releases on GitHub.

The compromised versions were 4.2.4, 4.2.3, 4.2.2, 4.2.1, and 2.14.2 whereas the latest legitimate version on GitHub was 4.2.0 at the time of the attack. This discrepancy raised concerns.

“The fact that these packages showed up without a matching release on GitHub is very suspicious,” Aikido’s malware researcher Charlie Eriksen revealed in the blog post shared exclusively with Hackread.com.

Further probing revealed unusual code in the src/index.ts file of version 4.2.4 of rogue packages (tagged as the latest version), which had a harmless-looking function named checkValidityOfSeed, but it led to an HTTP POST request to an unfamiliar domain, 0x9cxyz. The domain’s registration information analysis indicated it was newly created, fuelling concerns about its legitimacy.

Source: Aikido

Digging deeper, researchers discovered that checkValidityOfSeed was being called within critical functions, including the constructor of the Wallet class in src/Wallet/index.ts. This allowed the malicious code to execute when a Wallet object was instantiated within an application using the compromised xrpl package, attempting to send the user’s private key (needed to access and manage a user’s XRP funds) to the attacker’s server.

This allowed the backdoor to steal private keys “as soon as a Wallet object is instantiated.”

Researchers also noted that attackers’ methods evolved. Initial malicious versions (4.2.1 and 4.2.2) showed different modifications compared to later compromised versions. The first versions introduced malicious code into built JavaScript files, removing scripts and prettier configurations (the settings and rules that govern how the Prettier code formatter automatically formats your code) from the package.json file. Versions 4.2.3 and 4.2.4 integrated the malicious code directly into the TypeScript source code, indicating a refinement in their approach to remain undetected.

Following the disclosure of this supply chain attack, the official xrpl team released two new, clean versions of the package: 4.2.5 and 2.14.3. Users are strongly encouraged to update to these secure versions immediately to mitigate any potential risk.

Researchers also highlighted that “any seed or private key that was processed by the code has been compromised,” and hence should be considered unusable. Any cryptocurrency assets associated with them should be immediately transferred to a new, secure wallet with a newly generated private key.

Backdoor Found in Official XRP Ledger NPM Package

In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know.

Thursday, April 24, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

"Be curious, not judgmental," Ted Lasso says, misattributing Walt Whitman. We forgive Ted because... well, he's Ted Lasso. 

If you’ve not watched the first season of Ted Lasso, there is a defining moment where Ted confronts a nefarious bully. While putting him in his place with kindness and skill, Ted refers to this quote. It’s a defining moment not only for Ted but for the secondary and tertiary characters in the scene. One of the questions that I'm asked most when public speaking is “How do I get into Talos?” For people considering a new career, it’s “How do I get into cybersecurity?” To all those questions, my answer is "Be curious, not judgmental." 

I think there is no greater skill necessary in security than intellectual curiosity. If you have that, you can learn the rest. The hiring process to get in the door at Talos is extremely challenging and the candidates are incredible. That's why when I interview candidates for various roles in Talos I rarely, if ever, fixate on a niche skillset, instead focusing on the prospective employee’s intellectual curiosity. I ask weird questions that don’t seem related to the specific job role, not in an effort to throw them off but simply because I am curious and hope that they are as well.  

_Do you like to read? Do you ever read books outside of your normal wheelhouse? What are some favorite fiction and non-fiction books? Do you have a favorite craft or hobby? How many different Linux distributions have you installed? What are your 5 favorite board games? Do you play video games, and if so, what are a few favorites from each platform and decade?_   

These kinds of questions help me identify what kind of innate curiosity that the prospective candidate possesses and from their answers we will invariably fall down a rabbit hole while my co-workers shake their heads at me in disdain.  

Beyond that, I always listen for my favorite answer: “I don’t know, but...” There’s no better answer to a very difficult question than “I don’t know, but I’d probably try X,” or “I don’t know, but I’d love to learn...” 

Barbecue sauce.

**The one big thing **

Cisco Talos has released a blog post on the initial access broker (IAB) we call “ToyMaker” — a financially-motivated threat actor. They deploy their custom-made backdoor we call “LAGTOY” and extract credentials from the victim enterprise. LAGTOY can be used to create reverse shells and execute commands on infected endpoints. 

**Why do I care? **

A compromise by LAGTOY may result in access handover to a secondary threat actor. Specifically, we’ve observed ToyMaker hand over access to Cactus, a double extortion gang who employed their own tactics, techniques and procedures (TTPs) to carry out malicious actions across the victim’s network. Our blog details a timeline with turnaround time from ToyMaker to Cactus. 

**So now what?**

Cisco Talos has released information to help ensure protection including techniques and related IOCs. Check out the blog post for full details.

**Top security headlines of the week **

**Apple says zero-day bugs exploited against ‘specific targeted individuals’ using iOS.** Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. (TechCrunch)

**Microsoft purges millions of cloud tenants in the wake of Storm-0558.** In an effort to thwart state-sponsored activity stemming from preventable security issues, Microsoft is making significant efforts to purge inactive Azure cloud tenants and take comprehensive inventory of cloud and network assets. (DarkReading) 

**Researchers warn of critical flaw found in Erlang OTP SSH.** The vulnerability could allow unauthenticated attackers to gain full access to a device. Many of these devices are widely used in IoT and telecom platforms. (cybersecuritydrive) 

**CISA flags actively exploited vulnerability in SonicWall SMA devices.** The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting SonicWall Secure Mobile Access 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. (The Hacker News)

**Can’t get enough Talos? **

*   Talos Takes: Year in Review Special: Part 3 
*   TL,DR: Attacks on identity, and Multi Factor Authentication 
*   Unmasking the new XorDDoS controller and infrastructure

**Upcoming events where you can find Talos **

*   RSA (Apr. 28 – May 1) San Francisco, CA 
*   PIVOTcon (May 7 – 9) Malaga, Spain 
*   CTA TIPS 2025 (May 14 – 15)  Arlington, VA 
*   Cisco Connect UK & Ireland (May 20) London, UK 
*   BotConf (May 20 – 23) Angers, France 
*   Cisco Live U.S. (June 8 – 12) San Diego, CA

**Most prevalent malware files from Talos telemetry over the past week  **

**SHA256: 2462569cf24a5a1e313390fa3c52ed05c7f36ef759c4c8f5194348deca022277**    
MD5: 42c016ce22ab7360fb7bc7def3a17b04    
VirusTotal: https://www.virustotal.com/gui/file/2462569cf24a5a1e313390fa3c52ed05c7f36ef759c4c8f5194348deca022277    
Typical Filename: Rainmeter-4.5.22.exe     
Detection Name: Artemis!Trojan  

**SHA 256:7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5**      
MD5: ff1b6bb151cf9f671c929a4cbdb64d86      
VirusTotal : https://www.virustotal.com/gui/file/7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5    
Typical Filename: endpoint.query        
Detection Name: W32.File.MalParent    

**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**    
MD5: 2915b3f8b703eb744fc54c81f4a9c67f      
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507      
Typical Filename: VID001.exe      
Detection Name: Win.Worm.Bitmin-9847045-0  

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**      
MD5: 7bdbd180c081fa63ca94f9c22c457376      
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91     
Typical Filename: IMG001.exe     
Detection Name: Win.Trojan.Miner-9835871-0

Tag

#backdoor