Technology NewsResearchers Uncover 3 PyPI Packages Spreading Malware to Developer...

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

-


Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems.

The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by the author between January 7, 2023, and January 12, 2023. They have since been yanked from PyPI but not before they were cumulatively downloaded over 550 times.

The modules come with identical setup scripts that are designed to invoke PowerShell and run a malicious binary (“Oxzy.exe“) hosted on Dropbox, Fortinet disclosed in a report published last week.

The executable, once launched, triggers the retrieval of a next-stage, also a binary named update.exe, that runs in the Windows temporary folder (“%USER%\AppData\Local\Temp\”).

update.exe is flagged by antivirus vendors on VirusTotal as an information stealer that’s also capable of dropping additional binaries, one of which is detected by Microsoft as Wacatac.

The Windows maker describes the trojan as a threat that “can perform a number of actions of a malicious hacker’s choice on your PC,” including delivering ransomware and other payloads.

“The author also positions each package as legitimate and clean by including a convincing project description,” Fortinet FortiGuard Labs researcher Jin Lee said. “However, these packages download and run a malicious binary executable.”

The disclosure arrives weeks after Fortinet unearthed two other rogue packages by the name of Shaderz and aioconsol that harbor similar capabilities to gather and exfiltrate sensitive personal information.

The findings once again demonstrate the steady stream of malicious activity recorded in popular open source package repositories, wherein threat actors are taking advantage of the trust relationships to plant tainted code in order to amplify and extend the reach of the infections.

Users are advised to exercise caution when it comes to downloading and running packages from untrusted authors to avoid falling prey to supply chain attacks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.



LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

New OPPO Reno8 T and Reno8 T 5G, 100 megapixel camera and 120 Hz screen

OPPO has launched a new series within its Reno line: this is the Reno8 T and Reno8 T...

ஒரு செயற்கை இரசாயன கடிகாரம் சர்க்காடியன் தாளங்களின் மர்மமான சொத்தை எவ்வாறு பின்பற்றுகிறது

சர்க்காடியன் தாளங்கள் ஒரு தனித்துவமான பண்புகளைக் கொண்டுள்ளன, இதில் வெப்பநிலை ஏற்ற இறக்கங்கள் இருந்தபோதிலும் சுழற்சி காலம் மாறாமல் இருக்கும், பல உயிர்வேதியியல் எதிர்வினைகளின்...

ChatGPT – OpenAI plans to introduce an optional subscription for users of its tool

ChatGPT is one of the most interesting technological curiosities of recent months. Much has already been written...

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

Feb 02, 2023Ravie LakshmananCyber Risk / Threat Detection The State Cyber Protection Centre (SCPC) of Ukraine has called out...

ChatGPT – OpenAI plans to introduce an optional subscription for users of its tool

ChatGPT is one of the most interesting technological curiosities of recent months. Much has already been written...

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

Feb 02, 2023Ravie LakshmananCyber Risk / Threat Detection The State Cyber Protection Centre (SCPC) of Ukraine has called out...

Must read

Delicious Steak Diane Recipe | The Recipe Critic

This website may contain affiliate links and advertising...