Watch out — those helpful Stack Overflow users might actually be malware-spreading criminals

News
By
published

Hackers are posing as helpful developers

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

Malicious actors have infiltrated the Stack Overflow community and are abusing the trust built among developers to push infostealing malware, experts have warned.

A report from cybersecurity researchers Sonatype observed multiple occasions of cybercriminals pretending to be helpful members of the community, while actually  promoting malicious code as a solution.

As reported by the researchers, when someone would ask for debugging help, or similar advice, on Stack Overflow, the attackers would jump to the occasion, offering a malicious package uploaded to the PyPI repository as the solution.

Typosquatted packages

There are a couple of ways to spot the ruse, the researchers further explained, including the fact that the Stack Overflow account offering advice was only created days ago, that the package being offered as the solution was also uploaded days ago, and that in some cases, the solution doesn’t even fit the problem.

"We further noticed that a StackOverflow account "EstAYA G" created roughly 2 days ago is now exploiting the platform's community members seeking debugging help by directing them to install this malicious package as a "solution" to their issue even though the "solution" is unrelated to the questions posted by developers," Sonatype said in its report. Another account pushing malware is called "PhilipsPY".

Another way to spot the hacking attempt is by taking a closer look at the packages being offered - they are usually typo-squatted variants of legitimate, and often popular packages. 

Those who ignore all of the red flags and do end up installing the malicious code will get an information-stealing malware that will grab their session cookies, passwords, browser history, stored credit card data, and whatever other information they have saved in their browsers and elsewhere on their devices. 

While the identity of the attackers, and their endgame, is unknown, it’s safe to assume that they would try to sell the stolen information on the dark web. 

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.