Malicious Python Packages Target Developers

0
376
New OrBit Malware Infects All Running Processes

Dit bericht verscheen eerder bij FOSSlife

Highly invasive malware, which targets software developers, has been downloaded thousands of times in the last eight months, according to researchers at Checkmarx.

The tools are disguised as legitimate Python obfuscation tools, says Dan Goodin, with the most recent released last month by the name of “pyobfgood.” Once executed, he says, the tool “installs a payload, giving the attacker almost complete control of the developer’s machine.” For example, the tools can:

  • Steal passwords from the Chrome web browser
  • Set up a keylogger
  • Download files from the victim’s system
  • Capture screenshots and record both screen and audio

Yehuda Gelb at Checkmarx notes, “Developers who engage in code obfuscation are likely working with valuable and sensitive information. As a result, hackers see them as valuable targets to pursue and therefore are likely to be the victims targeted in this attack.”

Read more at Ars Technica.

Contact FOSSlife to learn about partnership and sponsorship opportunities.

Dit bericht verscheen eerder bij FOSSlife

Vorig artikelAzure support for TLS 1.0 and TLS 1.1 will end by 31 October 2024
Volgend artikelExport cost details using the FinOps Open Cost and Usage Specification (FOCUS)