Security News > 2024 > February > Japan warns of malicious PyPi packages created by North Korean hackers
Japan's Computer Security Incident Response Team is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
PyPI is a repository of open-source software packages that software developers can utilize in their Python projects to add additional functionality to their programs with minimal effort.
The lack of strict checks on the platform allows threat actors to upload malicious packages like information-stealing malware and backdoors that infect developers' computers with malware when added to their projects.
Lazarus previously leveraged PyPI to distribute malware in August 2023, when the North Korean state-sponsored hackers submitted packages camouflaged as a VMware vSphere connector module.
Today, JPCERT/CC is warning that Lazarus has once again uploaded packages to PyPi that will install the 'Comebacker' malware loader.
The malicious packages share a similar file structure, containing a 'test.
News URL
Related news
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)