A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.
"Cryptocurrency enthusiasts have been the target of another sophisticated and invasive malware campaign. This campaign was orchestrated through multiple attack vectors, including a malicious Python package named “cryptoaitools” on PyPI and deceptive GitHub repositories. This multi-stage malware, masquerading as a suite of cryptocurrency trading tools, aims to steal a wide range of sensitive data and drain victims’ crypto wallets."
It looks like a new reference to add for the attack-vector "[AV-100] Develop and Advertise Distinct Malicious Package from Scratch"
"Cryptocurrency enthusiasts have been the target of another sophisticated and invasive malware campaign. This campaign was orchestrated through multiple attack vectors, including a malicious Python package named “cryptoaitools” on PyPI and deceptive GitHub repositories. This multi-stage malware, masquerading as a suite of cryptocurrency trading tools, aims to steal a wide range of sensitive data and drain victims’ crypto wallets."
It looks like a new reference to add for the attack-vector "[AV-100] Develop and Advertise Distinct Malicious Package from Scratch"
Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack