• Python devs are being targeted by this massive infostealing malware campaign

    From TechnologyDaily@1337:1/100 to All on Mon Mar 25 19:45:05 2024
    Python devs are being targeted by this massive infostealing malware campaign

    Date:
    Mon, 25 Mar 2024 19:39:25 +0000

    Description:
    A major typosquatting campaign is on the hunt for people's sensitive data
    such as stored passwords, Discord tokens, and more.

    FULL STORY ======================================================================

    Cybersecurity researchers from Checkmarx have discovered a new infostealing campaign that leveraged typosquatting and stolen GitHub accounts to distribute malicious Python packages to the PyPI repository.

    In a blog post, Tal Folkman, Yehuda Gelb, Jossef Harush Kadouri, and Tzachi Zornshtain of Checkmarx said they discovered the campaign after a Python developer complained about falling victim to the attack.

    Apparently, the company believes more than 170,000 people are at risk.

    Infostealers and keyloggers

    The attackers first took a popular Python mirror, Pythonhosted, and created a typosquatted website version. They named it PyPIhosted. Then, they grabbed a major package, called Colorama (150+ million monthly downloads), added malicious code to it, and uploaded it to their typosquatted-domain fake mirror. This strategy makes it considerably more challenging to identify the package's harmful nature with the naked eye, as it initially appears to be a legitimate dependency, the researchers explained.
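    As an added illustration (not from the article or from Checkmarx) of the kind of check that catches the fake-mirror trick, the script below audits a requirements file: it flags dependencies fetched from hosts that are not PyPI's own, reports hosts whose name closely resembles files.pythonhosted.org, and notes direct-URL dependencies that carry no hash pin. The domain names in the sample are constructed placeholders, not real indicators.

```python
"""Flag Python dependencies fetched from untrusted or lookalike hosts.

Added example, not the article's or Checkmarx's code. Hostnames in the
sample below are constructed placeholders.
"""
from __future__ import annotations

import difflib
import re
from urllib.parse import urlparse

# Official PyPI hosts, keyed by name without the TLD so that a lookalike
# registered under a different TLD still compares against the real name.
TRUSTED = {"pypi": "pypi.org", "files.pythonhosted": "files.pythonhosted.org"}
URL_RE = re.compile(r"https?://[^\s'\"]+")


def host_findings(line: str) -> list[str]:
    """Return one warning per URL on a requirements line that is not on PyPI."""
    findings = []
    for url in URL_RE.findall(line):
        host = (urlparse(url).hostname or "").lower()
        if host in TRUSTED.values():
            continue
        label = host.rsplit(".", 1)[0]  # drop the TLD before comparing
        close = difflib.get_close_matches(label, TRUSTED, n=1, cutoff=0.75)
        if close:
            findings.append(f"lookalike of {TRUSTED[close[0]]}: {host}")
        else:
            findings.append(f"untrusted host: {host}")
    return findings


def audit_requirements(text: str) -> list[tuple[int, str]]:
    """Audit requirements text and return (line number, warning) pairs."""
    results = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        results.extend((n, msg) for msg in host_findings(line))
        # pip cannot verify a direct-URL dependency that has no --hash pin.
        if "@ http" in line and "--hash=" not in line:
            results.append((n, "direct-URL dependency without --hash pin"))
    return results


# Constructed sample: a hash-pinned package, a dependency pulled from a
# lookalike of files.pythonhosted.org, and an internal extra index.
SAMPLE = """\
requests==2.31.0 --hash=sha256:placeholder
colorama @ https://files.pypihosted.example/packages/colorama-0.4.6.tar.gz
--extra-index-url https://mirror.corp.example/simple
"""

if __name__ == "__main__":
    for n, msg in audit_requirements(SAMPLE):
        print(f"line {n}: {msg}")
```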

    Another strategy involved stealing popular GitHub accounts. An account named editor-syntax was compromised, most likely via session cookie theft. By obtaining session cookies, the attackers bypassed any and all authentication methods and logged directly into the person's account. Editor-syntax is a major contributor, maintaining the Top.gg GitHub organization whose community counts more than 170,000 members. The threat actors used the access to commit malware to the Top.gg Python library.

    The goal of the campaign was to steal sensitive data from the victims. Checkmarx's researchers said the malware stole browser data (cookies, autofill information, browsing history, bookmarks, credit cards, and login credentials from the biggest browsers such as Opera, Chrome, Brave, Vivaldi, Yandex, and Edge), Discord data (including Discord tokens, which can be used to access accounts), cryptocurrency wallet data, Telegram chat sessions, computer files, and Instagram data.

    Further analysis also discovered that the infostealer was able to work as a keylogger.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/python-devs-are-being-targeted-by-this-massive-infostealing-malware-campaign


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)