"PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording all targeted. Hackers backed by the North Korean government [Lazarus] are weaponizing well-known pieces of open source software in an ongoing campaign that has already succeeded in compromising 'numerous' organizations in the media, defense and aerospace, and IT services industries, Microsoft said on Thursday..." https://arstechnica.com/information...re-weaponizing-all-kinds-of-open-source-apps/
Wow, these are the scariest attacks, since they involve trojanized apps that mimic the real ones. That's why I will always stick to my motto to never trust any app! They should always be monitored for suspicious behavior. However, these files weren't downloaded from the software developers directly, so it's not really a supply chain attack.
Here is yet another supply chain attack; it's a bit troubling if you can't even trust official download sites. That's why it's always a good idea to use a behavior blocker, since AVs can often NOT spot these kinds of attacks. BTW, I have never heard of Comm100. https://www.darkreading.com/attacks...ed-supply-chain-attack-comm100-chat-installer https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/