SANS Stormcast June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; macOS targeted by ClickFix; INETPUB restore script
10 snips Jun 9, 2025
Learn how pngdump.py can now extract data hidden after the end of a PNG file. Hear about the discovery of 16 backdoored npm packages that could threaten thousands of users. macOS faces a new challenge as fake captcha pages lure users into running malware. Plus, find out about Microsoft's PowerShell script to recover mistakenly deleted inetpub folders. Stay informed about these evolving threats and the countermeasures being developed against them.
PNG Data Extraction Insight
- PNG files can carry unexpected appended data after the IEND chunk that terminates the image; this trailing data is a useful indicator in malware analysis.
- pngdump.py now extracts this appended data, making it simpler to detect hidden content in a PNG file.
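The check described above, as an added example that is not part of the episode and is not pngdump.py itself: a minimal PNG chunk walker that validates each chunk's CRC, stops at IEND, and reports any bytes that follow it. The sample PNG is constructed inline (a 1x1 grayscale image with a labelled payload appended) so the script runs offline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def parse_png(blob: bytes):
    """Walk the chunk list up to and including IEND.

    Returns (chunks, appended) where chunks is a list of
    (type, data_length, crc_ok) tuples and appended is every byte
    found after the IEND chunk (empty for a clean file).
    """
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while True:
        if pos + 8 > len(blob):
            raise ValueError("truncated chunk header at offset %d" % pos)
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data_start = pos + 8
        data_end = data_start + length
        if data_end + 4 > len(blob):
            raise ValueError("truncated chunk %r at offset %d" % (ctype, pos))
        data = blob[data_start:data_end]
        stored_crc = struct.unpack(">I", blob[data_end:data_end + 4])[0]
        crc_ok = (zlib.crc32(ctype + data) & 0xFFFFFFFF) == stored_crc
        chunks.append((ctype.decode("ascii", "replace"), length, crc_ok))
        pos = data_end + 4
        if ctype == b"IEND":
            break
    # Anything past IEND is not part of the image and deserves a closer look.
    return chunks, blob[pos:]


def build_sample_png(appended: bytes = b"") -> bytes:
    """Constructed sample: a valid 1x1 8-bit grayscale PNG with optional trailing bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, color type, ...
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat)
            + make_chunk(b"IEND", b"")
            + appended)


if __name__ == "__main__":
    # Constructed payload; a real sample would be whatever the dropper stashed.
    sample = build_sample_png(b"CONSTRUCTED-APPENDED-DATA")
    chunks, extra = parse_png(sample)
    for ctype, length, ok in chunks:
        print("%s len=%d crc_ok=%s" % (ctype, length, ok))
    print("appended bytes after IEND: %d -> %r" % (len(extra), extra))
```

Run it on a real file by replacing `sample` with `open(path, "rb").read()`; a non-empty `extra` or a failed CRC is the signal worth triaging.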
React Native Packages Backdoor Attack
- A recent supply chain attack compromised 16 React Native npm packages and shipped a backdoor to their users.
- The attackers hid the malicious code behind whitespace-based obfuscation to evade detection; the affected packages have millions of downloads.
Mirai Botnet Evolution
- The Mirai botnet continues to grow by exploiting additional vulnerabilities in DVR devices.
- Despite the complexity of the exploits, the net effect is simply more compromised devices, reflecting the same long-standing security issues in this device class.