Fabio Manganiello on Nostr: Four more #Python packages connected to North Korean hackers. They contain a test.py ...
Four more #Python packages connected to North Korean hackers.
They contain a test.py file that decodes an intermediary DLL which generates a payload (disguised as IconCache.db) which in turn connects to a command-and-control server.
Affected packages:
pycryptoenv – 743 downloads
pycryptoconf – 1344 downloads
quasarlib – 778 downloads
swapmempool – 392 downloads
https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/
They contain a test.py file that decodes an intermediary DLL which generates a payload (disguised as IconCache.db) which in turn connects to a command-and-control server.
Affected packages:
pycryptoenv – 743 downloads
pycryptoconf – 1344 downloads
quasarlib – 778 downloads
swapmempool – 392 downloads
https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/