• Python developers targeted with fake PyPI packages

    From TechnologyDaily@1337:1/100 to All on Thu Jun 6 15:00:05 2024
    Python developers targeted with fake PyPI packages

    Date:
    Thu, 06 Jun 2024 14:50:00 +0000

    Description:
    Researchers spot yet another typosquatted package on PyPI, this time dropping the Lumma infostealer.

    FULL STORY ======================================================================

    Another day, another malicious package being discovered on the Python Package Index (PyPI) repository.

    Ax Sharma, a cybersecurity researcher from Sonatype, found a typosquatted version of the legitimate library named crytic-compile.

    Crytic-compile is a tool that simplifies the process of compiling smart contracts, written in different languages, and is designed for use with security analysis tools. It was developed by Trail of Bits, and provides a unified interface to compile smart contracts, making it easier for developers and security researchers to work with different analysis tools without worrying about the specifics of each compilation process.

    Fake it until you make it

    The malicious version, on the other hand, is called crytic-compilers and it is designed to deploy the Lumma infostealer. The threat actors went the extra mile to trick unsuspecting Python developers into downloading the wrong version, too. For example, the typosquatted variant has the same version number as the real library, and in some versions, it even installs the actual package.

    Newer versions, however, dropped the act:

    "The counterfeit library is interesting in that, in addition [to] being named after the legitimate Python utility, 'crytic-compile,' it aligns its version numbers with the real library," Sharma said. "Whereas the real library's latest version stops at 0.3.7, the counterfeit 'crytic-compilers' version picks up right here, and ends at 0.3.11 giving off the impression that this is a newer version of the component."
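    As an added example that is not from the article or from Sonatype, the check below flags the two tricks described above in a pinned requirements file: a package name that is a near-miss of a vetted one, and a version that runs past the vetted package's latest release. It assumes a locally maintained allowlist of vetted packages; the crytic-compile entry follows the article, the other entries are placeholders.

```python
# Added example (not from the article or from Sonatype): a pre-install check for the
# two tricks the article describes, a near-miss name and a version that runs past
# the real package's latest release ("crytic-compilers" 0.3.11 vs "crytic-compile" 0.3.7).
import re

# Constructed allowlist of vetted packages -> latest version we have reviewed.
# The crytic-compile entry is from the article; the other entries are placeholders.
TRUSTED = {"crytic-compile": "0.3.7", "requests": "2.32.3", "slither-analyzer": "0.10.2"}

def levenshtein(a, b):
    """Edit distance between two strings (plain dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_version(v):
    """'0.3.11' -> (0, 3, 11), so comparisons are numeric, not lexical."""
    return tuple(int(x) for x in v.split("."))

def normalize(name):
    """PEP 503 name normalization: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_requirement(line, trusted=TRUSTED, max_distance=2):
    """Return findings for one 'name==version' requirements line ([] if clean)."""
    m = re.match(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9.]*)", line)
    if not m:
        return []  # unpinned or comment lines are out of scope here
    name, version = normalize(m.group(1)), m.group(2)
    findings = []
    if name in trusted:
        if parse_version(version) > parse_version(trusted[name]):
            findings.append(f"{name}=={version} is newer than the vetted {trusted[name]}")
        return findings
    for good in trusted:
        d = levenshtein(name, good)
        if 0 < d <= max_distance:  # unknown name that is a near-miss of a vetted one
            findings.append(f"{name} is {d} edit(s) from vetted package {good}")
            if parse_version(version) > parse_version(trusted[good]):
                findings.append(f"{name}=={version} continues past {good}'s latest {trusted[good]}")
    return findings

# Constructed sample lines: a clean pin and the article's typosquat.
SAMPLE = ["requests==2.32.3", "crytic-compilers==0.3.11"]
for req in SAMPLE:
    print(req, "->", check_requirement(req) or "ok")
```

    Such a check belongs in CI before `pip install`, so a near-miss name is caught before its install hooks ever run.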

    Lumma is a known infostealer, a piece of malware capable of grabbing passwords stored in popular browsers, cookies, credit card information, and data related to cryptocurrency wallets. Often referred to as LummaC2, the malware is offered as a service, for a subscription fee ranging between $250 and $1,000.

    Since the attack relies on victims not noticing the wrong package name, the best protection is simply to be extra careful when installing packages from PyPI.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/python-developers-targeted-with-fake-pypl-packages


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)