Security News > 2024 > February > Japan warns of malicious PyPi packages created by North Korean hackers
Japan's Computer Security Incident Response Team is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
PyPI is a repository of open-source software packages that software developers can utilize in their Python projects to add additional functionality to their programs with minimal effort.
The lack of strict checks on the platform allows threat actors to upload malicious packages like information-stealing malware and backdoors that infect developers' computers with malware when added to their projects.
Lazarus previously leveraged PyPI to distribute malware in August 2023, when the North Korean state-sponsored hackers submitted packages camouflaged as a VMware vSphere connector module.
Today, JPCERT/CC is warning that Lazarus has once again uploaded packages to PyPi that will install the 'Comebacker' malware loader.
The malicious packages share a similar file structure, containing a 'test.
News URL
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- North Korean hackers stole $1.3 billion worth of crypto this year (source)
- North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin (source)
- FBI links North Korean hackers to $308 million crypto heist (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)