For nearly six months, an unidentified threat actor has been distributing malware-laden packages on the Python Package Index (PyPI), targeting unsuspecting users seeking popular Python libraries. Checkmarx's recent report highlights 27 packages, such as pyefflorer, pyminor, pyowler, pystallerer, pystob, and pywool, with thousands of downloads. These malicious packages, masquerading as legitimate libraries, primarily attracted attention from users in the U.S., China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the U.K., and Japan.

The attackers employed steganography to conceal a malicious payload within seemingly harmless image files, enhancing the attack's stealthiness. The packages utilized the setup.py script to reference other malicious packages, like pystob and pywool, deploying Visual Basic Script (VBScript) to download and execute a file named "Runtimeexe" for persistent host compromise. The embedded binary in "Runtimeexe" gathers information from browsers, cryptocurrency wallets, and other applications. Similarly, Checkmarx identified an alternate attack chain where executable code was hidden within a PNG image ("uwupng").
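A downloaded package's setup.py can be inspected without running it. The following is an added example, not code from Checkmarx or the original page: it parses setup.py source with Python's `ast` module and flags dependencies matching the package names listed above, along with install-time imports on an assumed watchlist. The sample setup.py, the name `pyexample` and the `RISKY_MODULES` list are constructed for illustration.

```python
import ast

# Package names reported on this page; extend from your own threat intel.
KNOWN_BAD = {"pyefflorer", "pyminor", "pyowler", "pystallerer", "pystob", "pywool"}
# Assumed watchlist: modules that let setup.py run commands or fetch files.
RISKY_MODULES = {"subprocess", "os", "urllib", "requests", "socket", "ctypes", "base64"}


def _requirement_name(spec):
    """Strip version specifiers, extras and markers: 'pystob>=1.0' -> 'pystob'."""
    spec = spec.strip()
    for sep in ";[<>=!~ ":
        spec = spec.split(sep)[0]
    return spec.strip().lower().replace("_", "-")


def audit_setup_py(source):
    """Statically inspect setup.py source; nothing in it is executed."""
    findings = {"bad_dependencies": set(), "risky_imports": set(), "dynamic_exec": False}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        findings["risky_imports"] |= {n.split(".")[0] for n in names} & RISKY_MODULES
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in {"exec", "eval", "compile", "__import__"}:
            findings["dynamic_exec"] = True
        for kw in node.keywords:
            if kw.arg in {"install_requires", "setup_requires"}:
                # Collect every string literal in the dependency list.
                for elt in ast.walk(kw.value):
                    if isinstance(elt, ast.Constant) and isinstance(elt.value, str):
                        if _requirement_name(elt.value) in KNOWN_BAD:
                            findings["bad_dependencies"].add(_requirement_name(elt.value))
    return findings


# Constructed sample, not taken from any real package.
SAMPLE = '''
from setuptools import setup
import subprocess
setup(name="pyexample", version="0.1",
      install_requires=["requests>=2.0", "pystob", "pywool==1.2"])
'''

if __name__ == "__main__":
    print(audit_setup_py(SAMPLE))
```

Dependencies assembled at runtime or held in a variable are not resolved by this check, so a clean result does not clear a package on its own.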