
PyPi package backdoors Macs using the Sliver pen-testing suite
2024-05-13 21:50

A new package mimicking the popular 'requests' library was uploaded to the Python Package Index to target macOS devices with the Sliver C2 adversary framework, which is used for gaining initial access to corporate networks.

Discovered by Phylum, the campaign involves several steps and obfuscation layers, including using steganography in a PNG image file to covertly install the Sliver payload on the target.
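The article does not say how the payload was hidden in the image, so the check below is an added example, not code from Phylum's report or from the campaign. It assumes the two most common ways of smuggling bytes inside a PNG: appending them after the IEND chunk, or stashing them in a private chunk type, both of which image viewers silently ignore. The chunk walker verifies each chunk's CRC, flags chunk types a plain image would not carry, and carves out anything that follows IEND. The chunk whitelist and the three sample PNGs are constructed for the example.

```python
"""Inspect a PNG for data hidden outside the image proper (added example)."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types a plain image is expected to contain (assumption: the critical
# chunks plus common ancillary ones). Anything else is flagged for review.
EXPECTED_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND",
    b"tEXt", b"zTXt", b"iTXt", b"gAMA", b"cHRM", b"sRGB", b"iCCP",
    b"pHYs", b"tIME", b"bKGD", b"tRNS", b"sBIT",
}


def make_chunk(ctype, body):
    """Build a well-formed PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_chunks(data):
    """Walk the chunk list. Returns (chunks, trailing): chunks is a list of
    (type, length, crc_ok) tuples, trailing is whatever follows IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc_bytes) < 4:
            # Truncated chunk: record it and stop, nothing reliable follows.
            chunks.append((ctype, length, False))
            return chunks, b""
        expected = zlib.crc32(ctype + body) & 0xFFFFFFFF
        crc_ok = struct.unpack(">I", crc_bytes)[0] == expected
        chunks.append((ctype, length, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, data[pos:]
    # No IEND seen: report any leftover bytes as trailing data.
    return chunks, data[pos:]


def find_suspicious(data):
    """Return human-readable findings; an empty list means nothing stood out."""
    chunks, trailing = parse_chunks(data)
    findings = []
    if trailing:
        findings.append("%d bytes appended after IEND" % len(trailing))
    if not any(ctype == b"IEND" for ctype, _, _ in chunks):
        findings.append("no IEND chunk")
    for ctype, length, crc_ok in chunks:
        if ctype not in EXPECTED_CHUNKS:
            findings.append("unexpected chunk %r (%d bytes)" % (ctype, length))
        if not crc_ok:
            findings.append("bad CRC on chunk %r" % (ctype,))
    return findings


def carve_payload(data):
    """Return the bytes after IEND (what a loader would read back), or b''."""
    return parse_chunks(data)[1]


def build_png(extra_chunks=(), trailing=b""):
    """Constructed 1x1 grayscale PNG for testing; extra_chunks go before IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    png = PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
    for ctype, body in extra_chunks:
        png += make_chunk(ctype, body)
    return png + make_chunk(b"IEND", b"") + trailing


# Constructed samples: a clean image, a payload appended after IEND, and one
# hidden in a private chunk type ("paYL" is an invented name for the example).
CLEAN_PNG = build_png()
APPENDED_PNG = build_png(trailing=b"import os; os.system('echo hidden')\n")
CHUNK_PNG = build_png(extra_chunks=[(b"paYL", b"\x7fELF" + b"\x00" * 16)])

if __name__ == "__main__":
    for name, png in [("clean", CLEAN_PNG), ("appended", APPENDED_PNG), ("chunk", CHUNK_PNG)]:
        print(name, find_suspicious(png) or "ok")
```

Run it against the images shipped inside a package's sdist or wheel (anything under the package directory with a .png extension); a real image decodes cleanly and reports nothing, while an image carrying a payload shows up as trailing bytes or an unknown chunk. A CRC mismatch on its own is not proof of tampering, but a package that ships an image its own viewer would reject deserves a closer look at whatever reads that file in setup.py or __init__.py.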

As of writing, the malicious PyPI package has been removed, but its discovery is another sign of Sliver's growing adoption by threat actors for remote access to corporate networks.

Sliver is an open-source, cross-platform adversary emulation framework designed for red team operations, simulating adversary actions to test network defenses.

Hackers began using Sliver in 2022, primarily as an alternative to the commercial pen-testing framework Cobalt Strike, which after many years of abuse has become easier to detect and block.

Following Phylum's report of requests-darwin-lite to the PyPI team, the package has been removed.


News URL

https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Pypi 15 0 0 1 15 16