• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Malicious Package on PyPI Hides Behind Image Files, Spreads Via GitHub

You are here: Home / General Cyber Security News / Malicious Package on PyPI Hides Behind Image Files, Spreads Via GitHub
November 9, 2022

A new malicious package deal has been found on the Python Package deal Index (PyPI) repository that could disguise code in pictures with a steganographic method and infect customers by means of open-resource tasks on Github.

The discovery has been made by Check out Place Research (CPR), who shared it with Infosecurity earlier currently.

“The malicious package we detected is named ‘apicolor.’ At initially glance, it appeared like a single of the many in-enhancement packages on PyPI,” reads the advisory. “After using a deeper glance into the offer set up script, scientists found a bizarre, non-trivial code portion at the beginning.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The code in question was accountable for manually installing added requirements, then downloading a image from the web and utilizing the freshly put in package deal to course of action the impression and set off the processing created output making use of the exec command.

“While seeking the web for legit jobs, a user will come across these GitHub open-sourced assignments and set up them domestically, not understanding it provides in a malicious package deal import,” CPR wrote. “It’s significant to notice that the code seems to work. In some situations, there are empty destructive offers.”

According to Ori Abramovsky, head of details science at SpectralOps (a Test Place firm), the company continually scans PyPI for destructive offers and responsibly studies them to PyPI.

“This a person is unique and distinctive from practically all the destructive packages we have encountered right before. This offer differs in the way it camouflages its intent and the way in which it targets PyPI users to infect them with destructive imports on GitHub,” the info authorities explained to Infosecurity.

Abramovsky extra that the new conclusions indicate that PyPI malicious packages and linked obfuscation approaches are evolving fast.

“The offer we have shared below demonstrates thorough and meticulous work. It is not the standard copy and paste that we generally see, but what would seem like a real marketing campaign. The creation of the GitHub assignments, then neatly hiding the code and downplaying the packages on PyPI, are all innovative do the job.”

To defend against attacks like this, CPR recommends corporations use menace code scanners to double-test 3rd-party packages and make sure that scores on initiatives on GitHub are not synthetically generated.

The complex write-up arrives around two months right after an advisory by SentinelLabs and Checkmarx joined a danger actor identified as ‘JuiceLedger’ to the to start with recognized phishing marketing campaign focusing on PyPI consumers.


Some areas of this short article are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Medibank Confirms Data Stolen in Breach is Now Available Online
Next Post: High-Risk Vulnerability Found in ABB’s Flow Computers Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.