Japanese cybersecurity officials issued a warning that North Korea’s infamous Lazarus Group hacking group recently launched a supply chain attack on the PyPI software repository for Python apps.
Threat actors disseminated contaminated packages with names like “pycryptoenv” and “pycryptoconf” that are comparable to the real “pycrypto” encryption tools for Python. Developers who are duped into installing the malicious packages onto their Windows workstations are infected with a severe Trojan called “Comebacker.”
“The malicious Python packages confirmed this time have been downloaded approximately 300 to 1,200 times,” Japan CERT noted in a warning issued late last month. “Attackers may be targeting users’ typos to have the malware downloaded.”
Comebacker is a general-purpose Trojan that can be used to deliver ransomware, steal passwords, and infiltrate the development pipeline, according to analyst and senior director at Gartner Dale Gardner.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: