• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers uncover pypi package hiding malicious code behind image file

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File

You are here: Home / General Cyber Security News / Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File
November 10, 2022

A destructive package deal learned on the Python Offer Index (PyPI) has been observed employing a steganographic trick to conceal destructive code in just impression files.

The deal in dilemma, named “apicolor,” was uploaded to the Python 3rd-party repository on Oct 31, 2022, and described as a “Core lib for Relaxation API,” according to Israeli cybersecurity organization Examine Point. It has considering the fact that been taken down.

Apicolor, like other rogue packages detected not long ago, harbors its malicious actions in the set up script utilized to specify metadata related with the deal, these types of as its dependencies.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


This takes the variety of a next deal referred to as “judyb” as very well as a seemingly harmless PNG file (“8F4D2uF.png”) hosted on Imgur, an picture-sharing assistance.

Malicious PyPI Package

“The judyb code turned out to be a steganography module, responsible [for] hiding and revealing concealed messages inside images,” Examine Issue described.

The attack chain involves working with the judyb offer to extract obfuscated Python code embedded within just the downloaded image, which, upon decoding, is intended to retrieve and execute a malicious binary from a remote server.

CyberSecurity

The progress is portion of an ongoing pattern where by threat actors are more and more environment their sights on the open up resource ecosystem to exploit the have faith in involved with 3rd-party program to mount supply chain attacks.

Even much more troublingly, this kind of destructive libraries can be incorporated into other open up supply initiatives and printed on GitHub, efficiently broadening the scope and scale of the attacks.

“These conclusions reflect very careful planning and believed by a menace actor, who proves that obfuscation strategies on PyPI have evolved,” the organization said.

Discovered this report fascinating? Adhere to THN on Fb, Twitter  and LinkedIn to examine a lot more unique content material we submit.


Some sections of this write-up are sourced from:
thehackernews.com

Previous Post: «is cybersecurity awareness month anything more than pr? Is Cybersecurity Awareness Month Anything More Than PR?
Next Post: #IRISSCON: Cyber Professionals Now Tasked with Securing Society, Says Mikko Hyppönen Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.