The Cyber Security News
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

January 17, 2023

A threat actor going by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems.

The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – were published by the author between January 7, 2023, and January 12, 2023. They have since been removed from PyPI, but not before they were cumulatively downloaded more than 550 times.

The modules come with identical setup scripts that are designed to invoke PowerShell and run a malicious binary (“Oxzy.exe”) hosted on Dropbox, Fortinet disclosed in a report published last week.

The executable, once launched, triggers the retrieval of a next-stage payload, also a binary, named update.exe, which runs from the Windows temporary folder (“%USER%\AppData\Local\Temp”).

update.exe is flagged by antivirus vendors on VirusTotal as an information stealer that is also capable of dropping additional binaries, one of which is detected by Microsoft as Wacatac.

The Windows maker describes the trojan as a threat that “can perform a number of actions of a malicious hacker’s choice on your PC,” including delivering ransomware and other payloads.

“The author also presents each package as legitimate and clean by including a convincing project description,” Fortinet FortiGuard Labs researcher Jin Lee said. “However, these packages download and run a malicious binary executable.”

The disclosure comes months after Fortinet unearthed two other rogue packages, named Shaderz and aioconsol, that harbor similar capabilities to gather and exfiltrate sensitive personal information.

The findings once again highlight the steady stream of malicious activity recorded in popular open source package repositories, where threat actors take advantage of trust relationships to plant tainted code in order to amplify and extend the reach of their infections.

Users are advised to exercise caution when downloading and running packages from untrusted authors to avoid falling prey to supply chain attacks.
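The attack hinges on a setup script that executes at install time, so one practical precaution is to download a package without installing it (for example with `pip download --no-deps --no-binary :all:`) and statically inspect its setup.py before running it. The following checker is an added example, not code from the article or from Fortinet; it walks the setup.py AST and flags the behaviours described above (shelling out via subprocess/os, interpreter names such as PowerShell, and remote URLs). The sample setup.py it scans is constructed for illustration with a placeholder URL, not real malware.

```python
"""Static check of a setup.py for install-time code execution (added example)."""
import ast
import re

# Call targets whose presence in setup.py means code runs at `pip install` time.
EXEC_CALLS = {
    ("subprocess", "run"), ("subprocess", "Popen"), ("subprocess", "call"),
    ("subprocess", "check_output"), ("os", "system"), ("os", "popen"),
}
URL_RE = re.compile(r"https?://[^\s'\"]+")
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "/bin/sh", "bash")


def _call_target(func):
    """Return ('module', 'attr') for a call like subprocess.run, else None."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None


def audit_setup_py(source: str) -> list:
    """Return sorted (lineno, reason) findings for the given setup.py text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            target = _call_target(node.func)
            if target in EXEC_CALLS:
                findings.append((node.lineno, "install-time exec: %s.%s" % target))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(name in node.value.lower() for name in INTERPRETERS):
                findings.append((node.lineno, "shell interpreter string: %r" % node.value))
            for url in URL_RE.findall(node.value):
                findings.append((node.lineno, "remote URL: " + url))
    return sorted(findings)


# Constructed sample mimicking the described setup script; the URL is a placeholder.
SAMPLE_SETUP = '''
from setuptools import setup
import subprocess
subprocess.run(["powershell", "-Command", "PLACEHOLDER https://dl.example.invalid/PLACEHOLDER.exe"])
setup(name="colorslib", version="4.6.12")
'''

if __name__ == "__main__":
    for lineno, reason in audit_setup_py(SAMPLE_SETUP):
        print("line %d: %s" % (lineno, reason))
```

A clean setup.py that only calls `setup(...)` produces no findings; any finding is a reason to read the package source before installing.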

Some sections of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.