A dormant package on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer malware named Nova Sentinel.
The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21, 2024.
While the linked GitHub repository hasn't been updated since April 10, 2022, the introduction of a malicious update suggests a likely compromise of the PyPI account belonging to the developer.
Django-log-tracker has been downloaded 3,866 times to date, with the rogue version (1.0.4) downloaded 107 times on the day it was published. The package is no longer available for download from PyPI.
"In the malicious update, the attacker stripped the package of most of its original content, leaving only an __init__.py and example.py file behind," the company said.
The changes, simple and self-explanatory, involve fetching an executable named "Updater_1.4.4_x64.exe" from a remote server ("45.88.180[.]54"), followed by launching it using the Python os.startfile() function.
The binary, for its part, comes embedded with Nova Sentinel, a stealer malware that was first documented by Sekoia in November 2023 as being distributed in the form of fake Electron apps on bogus websites offering video game downloads.
"What's interesting about this particular case [...] is that the attack vector appeared to be an attempted supply-chain attack via a compromised PyPI account," Phylum said.
"If this had been a really popular package, any project with this package listed as a dependency without a version specified or a flexible version specified in their dependency file would have pulled the latest, malicious version of this package."
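The point Phylum makes above is that an unpinned or range-style dependency resolves to whatever the newest upload is, so a hijacked account can push malicious code straight into downstream builds. The script below is an added example, not code from the article or from Phylum: it audits a requirements file for specs that would accept a new upload, and separately flags packages whose most recent release follows a long period of silence, the pattern seen with django-log-tracker. The requirements text and the release-date table are constructed for the demo; the django-log-tracker dates only approximate the timeline reported in the article.

```python
"""Audit dependency specs that would silently pull a newly published release,
and flag packages whose latest release breaks a long dormant period.

Added example; the sample requirements and release metadata are constructed.
"""
import re
from datetime import date
from typing import Dict, List, Optional, Tuple

# Matches "name[extras] <operator> <version>", e.g. "requests>=2.0".
# "===" is listed before "==" so the longer operator wins.
_SPEC_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(===|==|~=|>=|<=|!=|>|<)?\s*([^\s;#]*)"
)

# Constructed sample requirements.txt for the demo.
SAMPLE_REQUIREMENTS = """
requests==2.31.0
django-log-tracker          # no version: resolves to the newest upload
somelib>=1.2                # range: a newer release still satisfies it
otherlib~=3.0
-r extra.txt
"""

# Constructed upload dates (ISO format). The django-log-tracker entries
# approximate the article's timeline: an April 2022 release, then nothing
# until the anomalous February 21, 2024 update.
SAMPLE_RELEASE_DATES: Dict[str, List[str]] = {
    "django-log-tracker": ["2022-04-10", "2024-02-21"],
    "somelib": ["2023-05-22", "2023-11-01"],
    "otherlib": ["2024-01-15"],
}


def classify_requirement(line: str) -> Optional[Tuple[str, str]]:
    """Return (package, category) for one requirements line; None for blanks,
    comments and pip options such as "-r" or "-e".

    Categories:
      "pinned"   - exact version (==), so a new upload cannot be pulled in
      "flexible" - range or compatible-release operator that still admits
                   a newer release
      "unpinned" - no version at all: always resolves to the latest upload
    """
    stripped = line.split("#", 1)[0].strip()
    if not stripped or stripped.startswith("-"):
        return None
    m = _SPEC_RE.match(stripped)
    if not m:
        return None
    name, _extras, op, _version = m.groups()
    if op in ("==", "==="):
        return name, "pinned"
    if op:
        return name, "flexible"
    return name, "unpinned"


def audit_requirements(text: str) -> Dict[str, List[str]]:
    """Group every dependency in a requirements file by pinning category."""
    report: Dict[str, List[str]] = {"pinned": [], "flexible": [], "unpinned": []}
    for line in text.splitlines():
        result = classify_requirement(line)
        if result:
            name, category = result
            report[category].append(name)
    return report


def dormant_then_updated(release_dates: List[str], gap_days: int = 365) -> bool:
    """True when the newest release follows a silence of at least gap_days."""
    dates = sorted(date.fromisoformat(d) for d in release_dates)
    if len(dates) < 2:
        return False
    return (dates[-1] - dates[-2]).days >= gap_days


def flag_risky(report: Dict[str, List[str]], release_dates: Dict[str, List[str]],
               gap_days: int = 365) -> List[str]:
    """Dependencies that are not exactly pinned AND whose latest release broke
    a long silence: the combination that would have pulled the rogue update."""
    candidates = report["unpinned"] + report["flexible"]
    return sorted(
        name for name in candidates
        if dormant_then_updated(release_dates.get(name, []), gap_days)
    )


if __name__ == "__main__":
    report = audit_requirements(SAMPLE_REQUIREMENTS)
    print("pinned:  ", report["pinned"])
    print("flexible:", report["flexible"])
    print("unpinned:", report["unpinned"])
    print("risky:   ", flag_risky(report, SAMPLE_RELEASE_DATES))
```

In a real pipeline the release dates would come from the registry's metadata rather than a constructed table, and exact pins are best combined with pip's `--require-hashes` mode so that even a re-upload under the same version number is rejected.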
Some parts of this post are sourced from:
thehackernews.com