← Back to context Comment by bflesch 3 months ago Can you attribute this technique to a specific group? 6 comments bflesch Reply suzzer99 3 months ago A few years ago, I remember reading about some NFT contract attack that did something similar. So I'm sure it's out there now. _el1s7 3 months ago It's not a "group specific" technique.This is smart, but not really unusual. pants2 3 months ago Almost certainly Lazarus sflanagain 3 months ago The phishing email comes across a bit too amateur. Specifically the inclusion of:"we kindly ask that you complete this update your earliest convenience".The email was included here: https://cdn.prod.website-files.com/642adcaf364024654c71df23/...From this article: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... rurban 3 months ago Very amateur. Who would fall that, really? I can only suspect npm people who are used to unprofessional repo hosting practices.Such a Two Factor Authentication update request would have needed a blog post first, to announce such a fishy request. huflungdung 3 months ago [dead]
suzzer99 3 months ago A few years ago, I remember reading about some NFT contract attack that did something similar. So I'm sure it's out there now.
pants2 3 months ago Almost certainly Lazarus sflanagain 3 months ago The phishing email comes across a bit too amateur. Specifically the inclusion of:"we kindly ask that you complete this update your earliest convenience".The email was included here: https://cdn.prod.website-files.com/642adcaf364024654c71df23/...From this article: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... rurban 3 months ago Very amateur. Who would fall that, really? I can only suspect npm people who are used to unprofessional repo hosting practices.Such a Two Factor Authentication update request would have needed a blog post first, to announce such a fishy request. huflungdung 3 months ago [dead]
sflanagain 3 months ago The phishing email comes across a bit too amateur. Specifically the inclusion of:"we kindly ask that you complete this update your earliest convenience".The email was included here: https://cdn.prod.website-files.com/642adcaf364024654c71df23/...From this article: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... rurban 3 months ago Very amateur. Who would fall that, really? I can only suspect npm people who are used to unprofessional repo hosting practices.Such a Two Factor Authentication update request would have needed a blog post first, to announce such a fishy request. huflungdung 3 months ago [dead]
rurban 3 months ago Very amateur. Who would fall that, really? I can only suspect npm people who are used to unprofessional repo hosting practices.Such a Two Factor Authentication update request would have needed a blog post first, to announce such a fishy request.
A few years ago, I remember reading about some NFT contract attack that did something similar. So I'm sure it's out there now.
It's not a "group specific" technique.
This is smart, but not really unusual.
Almost certainly Lazarus
The phishing email comes across a bit too amateur. Specifically the inclusion of:
"we kindly ask that you complete this update your earliest convenience".
The email was included here: https://cdn.prod.website-files.com/642adcaf364024654c71df23/...
From this article: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com...
Very amateur. Who would fall that, really? I can only suspect npm people who are used to unprofessional repo hosting practices.
Such a Two Factor Authentication update request would have needed a blog post first, to announce such a fishy request.
[dead]