Fabio Manganiello on Nostr: Four more #Python packages connected to North Korean hackers. They contain a test.py ...
Published at 2024-02-28 15:36:29

Event JSON
{
"id": "70e4285c25f27027d9437a7010a1f7338062581e538a7c0ae063ce63bbc5170c",
"pubkey": "8f39365fcd938b90d2b383adc37e792673ecdf01c7b348af47b0c961b728d4aa",
"created_at": 1709134589,
"kind": 1,
"tags": [
[
"t",
"python"
],
[
"proxy",
"https://manganiello.social/objects/bf4c1634-0797-4d84-929e-b48787bd782d",
"activitypub"
]
],
"content": "Four more #Python packages connected to North Korean hackers.\n\nThey contain a test.py file that decodes an intermediary DLL which generates a payload (disguised as IconCache.db) which in turn connects to a command-and-control server.\n\nAffected packages:\n\npycryptoenv – 743 downloads\npycryptoconf – 1344 downloads\nquasarlib – 778 downloads\nswapmempool – 392 downloads\n\nhttps://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/",
"sig": "d3a7dba040f72a951bc4c6b7a19cad331685580b0b17c057eb6449f69e9d0b06dcdf50ee62e544f2f14c355c176d6a443abd626f3502aa3d5d6b857d8dc2c6a8"
}