Hello, welcome to the Friday, July 13th, 2018 edition of the Sandsenet Storm Center's Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

We've got a new variation of these extortion scams. Now, the way they usually work is that you will receive an email claiming that someone has

a video of you watching pornographic movies.

Now, then they expect you to pay them in Bitcoin in order to not release this material

to your friends.

What has changed today is that these emails also include

a username and a password of yours. Now, these are authentic username password pairs,

likely retrieved from one of the many password dumps that have been released over the last

month and years.

So this is supposed to make the email more plausible.

Haven't really figured out if any victims have paid yet.

It looks like all of these emails use different Bitcoin addresses.

Brian Krebs today also report about it.

His email looks exactly like the one that we received,

but with a different Bitcoin address. And then you have yet another problem with NPM modules getting a compromise. This time it's a part of the ESLint module.

ESLint is mostly used by developers in order to check JavaScript code for bugs.

But that's really who was targeted here.

Apparently one developer's credentials were compromised for ESLint.

These credentials were then used to push an update out that included additional code

that stole NPM credentials.

So developers that used this code were at risk of having their credentials stolen.

Now, unlike with some of having their credentials stolen.

...