A new supply chain attack has recently been detected targeting Python Package Index (PyPI) users with the Wacatac Trojan. This attack is seen as the latest in a series of advanced persistent threats (APT) targeting the escalating use of Python in enterprise applications. According to security researchers, the Wacatac Trojan was used in the attack to install malicious cryptocurrency miners on targeted systems.
The attack saw compromised accounts modify existing legitimate Python packages and add code to them to download and run the Wacatac Trojan. The malicious code would be deployed upon installation as an entry-point backdoor and was capable of stealing sensitive information.
The compromised packages were removed from the PyPI index shortly after the attack was detected. After their removal, security researchers were able to analyse the illegally modified Python packages and reveal the malicious cryptocurrency miners found within the code. The PyPI security incident was reported to be the first-ever known supply chain attack leveraging Python packages.
Users of the PyPI index have since been advised to run regular security scans of blogs, websites, and applications as well as update their software to prevent similar attacks in the future. Furthermore, it is important to ensure that packages are downloaded only from trusted sources to avoid being targeted by these supply chain attacks.
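The article describes code that runs at installation time as an entry-point backdoor, and advises regular scanning of installed software. The following is an added example, not code from the article or from PyPI: a static triage check that parses a downloaded sdist's setup.py with the standard `ast` module and flags install-time command overrides, entry-point declarations, and imports that a build script rarely needs. The sample setup.py strings are constructed for the example; findings are indicators for manual review, not proof of compromise.

```python
"""Flag install-time execution hooks in a package's setup.py (added example)."""
import ast

# setuptools commands whose override runs arbitrary code during `pip install`
HOOKED_COMMANDS = {"install", "develop", "egg_info", "build_py", "bdist_wheel"}
# modules that a plain build script seldom needs (network, shell, decoding)
SUSPECT_MODULES = {"subprocess", "urllib", "requests", "socket", "base64", "zlib", "ctypes"}


def find_install_hooks(setup_py_source: str) -> list[str]:
    """Return human-readable findings for one setup.py source string."""
    findings = []
    for node in ast.walk(ast.parse(setup_py_source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SUSPECT_MODULES:
                    findings.append(f"import of {alias.name}")
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in SUSPECT_MODULES:
                findings.append(f"import from {node.module}")
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if name != "setup":
                continue  # only the setup(...) call carries cmdclass/entry_points
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key in kw.value.keys:
                        if isinstance(key, ast.Constant) and key.value in HOOKED_COMMANDS:
                            findings.append(f"cmdclass override of '{key.value}'")
                elif kw.arg == "entry_points":
                    findings.append("entry_points declared")
    return findings


# Constructed samples: a plain build script and one with an install hook.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="demo", version="1.0", packages=["demo"])
'''

HOOKED_SETUP = '''
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)  # real build step; extra code would follow here

setup(name="demo", version="1.0.1", packages=["demo"],
      cmdclass={"install": PostInstall},
      entry_points={"console_scripts": ["demo=demo.cli:main"]})
'''
```

Run `find_install_hooks` over each setup.py in an extracted sdist before installing it; an empty result for a package that previously reported hooks is itself worth a second look.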
This particular attack has brought the security of Python packages to the fore, along with the need for enterprises to strengthen their defences. It also highlights the escalating threat of supply chain attacks, in which attackers exploit weaknesses in the supply chain to gain access to systems. To protect against such attacks, enterprises must ensure their applications and components are always up to date with the latest security measures.
This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000