North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
Three additional rogue Python packages have been discovered in the Python Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors.
First disclosed at the start of the month by ReversingLabs and Sonatype, VMConnect refers to a collection of Python packages that mimic popular open-source Python tools to download an unknown second-stage malware.
The latest tranche is no different, with ReversingLabs noting that the bad actors are disguising their packages and making them appear trustworthy by using typosquatting techniques to impersonate prettytable and requests and confuse developers.
One of the main changes introduced in tablediter is that it no longer triggers the malicious code immediately upon installation of the package, so as to evade detection by security software.
What's more, ReversingLabs said it found a Python package named py_QRcode that contains malicious functionality very similar to that found in the VMConnect package.
"This is just another in a line of malicious attacks targeting users of the PyPI repository," Zanki said, adding "Threat actors continue to use the Python Package Index repository as a distribution point for their malware."
News URL
https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html