In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer that was used as the payload in the malicious NuGet packages campaign we exposed in our previous post. The sophisticated campaign targeted .NET developers via malicious NuGet packages, and the JFrog Security team was able to detect and report it as part of our regular activity of exposing supply chain attacks.
Code signing certificates are an essential part of the software security process. They provide a form of digital signature that verifies to customers and other users of the software that the code has not been tampered with and remains secure. Code signing certificates come in three different types: Organization Validation (OV), Standard, and Extended Validation (EV). To understand them, we need to get to the basics of code signing and how it can change your life. So, let us get started.