Security News > 2024 > February > Japan warns of malicious PyPi packages created by North Korean hackers

Japan's Computer Security Incident Response Team is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
PyPI is a repository of open-source software packages that developers can use in their Python projects to add functionality with minimal effort.
The lack of strict checks on the platform allows threat actors to upload malicious packages, such as information stealers and backdoors, that infect developers' computers when added to their projects.
Lazarus previously leveraged PyPI to distribute malware in August 2023, when the North Korean state-sponsored hackers submitted packages camouflaged as a VMware vSphere connector module.
Today, JPCERT/CC is warning that Lazarus has once again uploaded packages to PyPI that will install the 'Comebacker' malware loader.
The malicious packages share a similar file structure, containing a 'test.