cookiengineer 2 hours ago

Yes, the miasma worm does this since the new Hades campaign. Note that the 3rd wave now also uses a pth file in pypi packages that _search system wide_ for any index.js or .github/setup.js to find its own payload. It literally splits up the payload on purpose to avoid detection.

Mitigation Tool: https://github.com/cookiengineer/antimiasma

Technical Blog Post: https://cookie.engineer/weblog/articles/malware-insights-mia...
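A defender-side check for the .pth mechanism mentioned in the comment above, as an added example that is not the commenter's code and not taken from the antimiasma tool. It relies on the documented behaviour of Python's `site` module, which executes any `.pth` line beginning with `import` followed by a space or tab; the sample files and the `demo` helper are constructed for illustration.

```python
import os
import re
import site
import tempfile

# site.py exec()s any .pth line that starts with "import" followed by space or tab.
EXEC_LINE = re.compile(r"^import[ \t]")
# File names the comment above says the .pth stage searches for.
PAYLOAD_HINTS = ("index.js", "setup.js")


def scan_pth(path):
    """Return (line_no, mentions_payload_name, text) for each executable line."""
    findings = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            if EXEC_LINE.match(line):
                hinted = any(h in line for h in PAYLOAD_HINTS)
                findings.append((no, hinted, line.strip()[:120]))
    return findings


def scan_tree(root):
    """Walk root (e.g. a site-packages directory) and scan every .pth file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".pth"):
                full = os.path.join(dirpath, name)
                hits = scan_pth(full)
                if hits:
                    report[full] = hits
    return report


def demo():
    """Constructed sample: a path-only .pth and one with an executable line."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "paths_only.pth"), "w") as fh:
            fh.write("../vendored\n# plain path entries are not executed\n")
        with open(os.path.join(root, "constructed_sample.pth"), "w") as fh:
            fh.write("import os  # constructed line mentioning index.js\n")
        return {os.path.basename(k): v for k, v in scan_tree(root).items()}


if __name__ == "__main__":
    for d in site.getsitepackages() + [site.getusersitepackages()]:
        for path, hits in scan_tree(d).items():
            for no, hinted, text in hits:
                print(f"{'HIGH' if hinted else 'review'} {path}:{no}: {text}")
```

Legitimate packages (editable installs, setuptools shims) also ship executable `.pth` lines, so every hit is a review item rather than a verdict.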