
Malware Strains Targeting Python and JavaScript Developers Through Official Repositories
2022-12-13 07:00

An active malware campaign is targeting the Python Package Index (PyPI) and npm, the official package repositories for Python and JavaScript, with typosquatted and fake modules that deploy a ransomware strain, the latest in a series of attacks on software supply chains.

According to Phylum, the rogue packages embed source code that retrieves a Golang-based ransomware binary from a remote server, selecting the build according to the victim's operating system and microarchitecture.

In a sign that the attack is not limited to PyPI, the adversary has been spotted publishing five different modules in npm, among them discordallintsbot, discordselfbot16, discord-all-intents-bot, discors.

"The attacker has also published several npm packages that behave in a similar manner," Phylum CTO Louis Lang said, adding that each of the libraries contains the JavaScript equivalent of the same code to deploy the ransomware.

The findings come as ReversingLabs uncovered a tranche of 10 additional PyPI packages pushing modified versions of the W4SP Stealer malware as part of an ongoing supply chain attack aimed at software developers that's believed to have started around September 25, 2022.



News URL

https://thehackernews.com/2022/12/malware-strains-targeting-python-and.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Python 27 10 87 73 27 197