Japanese cybersecurity officials warned that North Korea's infamous Lazarus Group hacking team recently waged a supply chain attack targeting the PyPI software repository for Python apps.
Developers who get tricked into downloading the nefarious packages onto their Windows machines are infected with a dangerous Trojan known as Comebacker.
Gartner senior director and analyst Dale Gardner describes Comebacker as a general-purpose Trojan used for dropping ransomware, stealing credentials, and infiltrating the development pipeline.
Comebacker has been deployed in other cyberattacks linked to North Korea, including an attack on an npm software development repository.
This latest attack on software repositories belongs to a category that has surged over the last year or so.
Other experts say non-native English speakers could be more at risk for this latest attack by the Lazarus Group.
Small and startup software firms in Asia typically have more limited security budgets than do their counterparts in the West, Macosko notes.
Devs should exercise increased caution and care when downloading open source dependencies.
PyPI No Stranger to Danger

While developers can take steps to lower their exposure, the onus falls on platform providers like PyPI to prevent abuse, according to Kelly Indah, a tech expert and security analyst at Increditools.
This is not the first time malicious packages have been slipped onto the platform.
Through enhanced vigilance and a coordinated response from developers, project leaders, and platform providers, we can work together to restore integrity and confidence.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 11 Mar 2024 00:05:13 +0000