Python Packages Gone Rogue: A Tale of Malicious Software Supply
– The discovery of three more malicious Python packages as part of the ongoing VMConnect campaign.
– Signs pointing to the involvement of North Korean state-sponsored threat actors.
– The investigative findings gathered by ReversingLabs, which identified the rogue packages named tablediter, request-plus, and requestspro.
VMConnect, The Python PyPI Snake Slips In Trojans
Looks like the Python sneaked in some rather unsolicited gifts. In a digital version of the Trojan horse, three more malicious packages have been discovered, lurking in the Package Index (PyPI) repository. This discovery forms part of an ever-widening investigation into the VMConnect campaign – one that’s becoming about as welcome as a bluescreen on a deadline day.
North Korea: Is It The Puppet Master Behind The Screen?
Though the culprits behind these attacks haven’t sent any ‘wish you were here’ postcards, signs are hinting at the involvement of North Korean state-sponsored threat actors. That’s right, folks – while we’ve been busy patching our systems, someone, potentially from North Korea, decided to play Puppet Master for their benefit. Talk about an unwelcome surprise!
The Eagle Eye of ReversingLabs Spots The Culprits
The investigative eye of ReversingLabs turned into a veritable digital hawk in this scenario, spotting the rogue packages known as tablediter, request-plus, and requestspro. The only thing these packages are requesting is a dollop of mischief in our systems. As they say, never judge a software package by its (supposedly innocent) name!
In sum, while it’s not quite the inaugural episode of Python’s Flying Circus, the realities of this Python-esque scenario are no laughing matter. With the discovery of three additional malicious Python packages inside the PyPI repository, the continuation of the VMConnect campaign is executed with all the subtly of a bull in a china shop. North Korean state-sponsored threat actors are potentially behind these cyber wrongdoings, and the expertise of ReversingLabs identified the malicious packages. So let’s brace ourselves and remember, just like the classic dad joke, sometimes the things that make us laugh can really bite.
Note to web architects: I guess that’s why they call it “web security” – because it’s about as complex as a spider’s web, and you never know when you’re about to get bit!Original Article: https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html