Watch out — those helpful Stack Overflow users might actually be malware-spreading criminals

Hackers are posing as helpful developers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Malicious actors have infiltrated the Stack Overflow community and are abusing the trust built among developers to push infostealingmalware, experts have warned.

A report from cybersecurity researchers Sonatype observed multiple occasions of cybercriminals pretending to be helpful members of the community, while actually  promoting malicious code as a solution.

As reported by the researchers, when someone would ask for debugging help, or similar advice, on Stack Overflow, the attackers would jump to the occasion, offering a malicious package uploaded to the PyPI repository as the solution.

Typosquatted packages

Typosquatted packages

There are a couple of ways to spot the ruse, the researchers further explained, including the fact that the Stack Overflow account offering advice was only created days ago, that the package being offered as the solution was also uploaded days ago, and that in some cases, the solution doesn’t even fit the problem.

“We further noticed that a StackOverflow account “EstAYA G” created roughly 2 days ago is now exploiting the platform’s community members seeking debugging help by directing them to install this malicious package as a “solution” to their issue even though the “solution” is unrelated to the questions posted by developers,” Sonatype said in its report. Another account pushing malware is called “PhilipsPY”.

Another way to spot the hacking attempt is by taking a closer look at the packages being offered - they are usually typo-squatted variants of legitimate, and often popular packages.

Those who ignore all of the red flags and do end up installing the malicious code will get an information-stealing malware that will grab their session cookies, passwords, browser history, stored credit card data, and whatever other information they have saved in their browsers and elsewhere on their devices.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While the identity of the attackers, and their endgame, is unknown, it’s safe to assume that they would try to sell the stolen information on the dark web.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Sonos Arc Ultra review: the best one-box Dolby Atmos soundbar for the price, with one grating flaw