{"id":39754,"date":"2021-02-26T17:55:00","date_gmt":"2021-02-26T17:55:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities---threats\/advanced-threats\/attackers-turn-struggling-software-projects-into-trojan-horses\/d\/d-id\/1340266"},"modified":"2021-02-26T17:55:00","modified_gmt":"2021-02-26T17:55:00","slug":"attackers-turn-struggling-software-projects-into-trojan-horses","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attackers-turn-struggling-software-projects-into-trojan-horses\/","title":{"rendered":"Attackers Turn Struggling Software Projects Into Trojan Horses"},"content":{"rendered":"<p><span class=\"strong black\">While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.<\/span><\/p>\n<p class>On Dec. 4, users of a simple Android program \u2014 a barcode scanner \u2014 started witnessing odd behavior when their smartphones suddenly began opening up their browser to display unwanted advertisements.<\/p>\n<p>While the devices exhibited the hallmarks of a malware or adware infection, the compromises puzzled most users since they had not recently downloaded new software, according to an analysis by endpoint security firm Malwarebytes. Instead, the malicious behaviors came from a software update to a popular application \u2014 the generically named &#8220;Barcode Scanner,&#8221; with millions of downloads. 
An enterprising group bought the code and then pushed a malicious update to every user of the application.<\/p>\n<p>The supply chain attack is a new technique \u2014 buying applications, along with their software base, and then pushing out updates with malicious code \u2014 that will likely grow in popularity among cybercriminals, says Nathan Collier, senior malware intelligence analyst at Malwarebytes.<\/p>\n<p>&#8220;Now that this has been done, I can definitely see it happening more in the future,&#8221; he says. &#8220;Honestly, for malware developers it&#8217;s kind of genius that they can just do this \u2014 let someone else build something, have it on Google Play for years. You are buying the ability to update all of the users to a new version of the app.&#8221;<\/p>\n<p>Already, a second group used a similar tactic to infect millions of users with malicious code through a popular Google Chrome extension. In early February, Google removed the Great Suspender utility for Chrome, which reduces the memory consumed by the browser by shutting down old tab processes, after the original maintainer of the open source project sold the code to an unknown group. Users of the extension noticed in October 2020 that the new owners had installed updated code on users&#8217; systems without notification&nbsp;\u2014 code that appeared to behave similarly to adware.<\/p>\n<p>The technique for distributing malicious code comes as developers and security firms are trying to detect attackers who compromise code bases and insert malicious modifications. 
Skipping the initial requirement of compromising the code base makes the attack simpler, Bishop Fox CEO Vinnie Liu&nbsp;<a href=\"https:\/\/www.darkreading.com\/application-security\/malicious-code-injected-via-google-chrome-extension-highlights-app-risks\/d\/d-id\/1340100\" target=\"_blank\" rel=\"noopener noreferrer\">told Dark Reading earlier this month<\/a>.&nbsp;<\/p>\n<p>&#8220;The secure development life cycle has for 15 years been focused on preventing the inadvertent introduction of vulnerabilities by developers, and not against identifying and preventing the purposeful insertion of malicious code or behavior into an existing application,&#8221; he said. &#8220;Developers are unprepared for this. Most enterprise security programs are unprepared for this.&#8221;&nbsp;<\/p>\n<p>Paying for access to a vulnerable system is not necessarily new, however. Cybercriminal services that sell access to already compromised systems have evolved over the past decade; such services now account for a large number of ransomware infections. In 2016, cybersecurity experts were already warning of the <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/ransomware-scada-access-as-a-service-emerging-threats-for-ics-operators-report-says\/d\/d-id\/1325952\" target=\"_blank\" rel=\"noopener noreferrer\">emergence of access-as-a-service sites<\/a> used by cybercriminals.&nbsp;<\/p>\n<p>Other gray-market groups use a more subtle approach, creating advertising software development kits (SDKs) used by developers to monetize their applications, but then adding aggressive advertising or even malicious code to the third-party component. 
In August, for example, researchers at security firm Snyk revealed that an SDK used by more than 1,200 iOS applications had <a href=\"https:\/\/www.darkreading.com\/mobile\/large-ad-network-collects-private-activity-data-reroutes-clicks\/d\/d-id\/1338733\" target=\"_blank\" rel=\"noopener noreferrer\">adopted code to spy on millions of users<\/a>.&nbsp;<\/p>\n<p>Compromising the supply chain directly is also becoming more common. Many cybercriminals and nation-state operators have <a href=\"https:\/\/www.darkreading.com\/risk\/the-increasingly-vulnerable-software-supply-chain\/a\/d-id\/1332756\" target=\"_blank\" rel=\"noopener noreferrer\">targeted popular software and vendors<\/a>&nbsp;\u2014 such as the software compromise that allowed NotPetya to spread and the attack on SolarWinds \u2014 as a way to eventually infect companies using the software.<\/p>\n<p>By targeting struggling but popular software projects, however, cybercriminals have added another door into the supply chain for their code.&nbsp;<\/p>\n<p>The Barcode Scanner app behind the latest case appeared on the Google Play store in 2017 as a legitimate, ad-driven application with tens of thousands of users, according to Malwarebytes. At the time of its sale to an organization named LavaBird LLC, the application had about 10 million downloads and an extensive user base, according to Malwarebytes. LavaBird says the company then sold it to another third party, who made the malicious modifications, Collier says.&nbsp;<\/p>\n<p>&#8220;The clean version was on there for a long, long time &#8230; so it was growing and growing and growing before it got taken up by LavaBird,&#8221; he says. &#8220;They bought it with the intention of selling it as quickly as they can, but the problem is they did zero verification on who they were selling it to.&#8221;<\/p>\n<p>Should developers be required to do due diligence on buyers? Collier says he is not so sure. 
Instead, the company behind the ecosystem \u2014 whether Apple, Google, Microsoft, or another \u2014 should ensure that security checks on updates are as rigorous as on the original application, especially if the maintainer has changed.<\/p>\n<p>&#8220;Google really only looks in depth when the code is first uploaded,&#8221; he says. &#8220;Looking at the code, this would have been an easy one to detect. I downloaded the app, and within five minutes it was opening up Google Chrome and doing redirects.&#8221;<\/p>\n<p>Yet he acknowledged the security firms have to adapt to the new strategy as well.<\/p>\n<p>&#8220;To be fair, in Google&#8217;s defense, the [mobile security] vendors were not even detecting it right off the bat either,&#8221; Collier says. &#8220;It was sly, slipped in, and it worked.&#8221;<\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230;<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code. 
<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-39754","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attackers Turn Struggling Software Projects Into Trojan Horses 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attackers-turn-struggling-software-projects-into-trojan-horses\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attackers Turn Struggling Software Projects Into Trojan Horses 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attackers-turn-struggling-software-projects-into-trojan-horses\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-26T17:55:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attackers Turn Struggling Software Projects Into Trojan 
Horses\",\"datePublished\":\"2021-02-26T17:55:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/\"},\"wordCount\":943,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/\",\"name\":\"Attackers Turn Struggling Software Projects Into Trojan Horses 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"datePublished\":\"2021-02-26T17:55:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attackers-turn-struggling-software-projects-into-trojan-horses\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Attackers Turn Struggling Software Projects Into Trojan Horses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services 
\u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH 
Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39754"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39754\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}