Actors behind PyPI supply chain attack have been active since late 2021

Actors behind PyPI supply chain attack have been active since late 2021

Enlarge (credit: Getty Images)

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two legitimate projects with credential-stealing malware, researchers said on Thursday.

PyPI officials said last week that project contributors were under a phishing attack that attempted to trick them into divulging their account login credentials. When successful, the phishers used the compromised credentials to publish malware that posed as the latest release for legitimate projects associated with the account. PyPI quickly took down the compromised updates and urged all contributors to use phishing-resistant forms of two-factor authentication to protect their accounts better.

On Thursday, researchers from security firms SentinelOne and Checkmarx said that the supply chain attacks were part of a larger campaign by a group that has been active since at least late last year to spread credential-stealing malware the researchers are dubbing JuiceStealer. Initially, JuiceStealer was spread through a technique known as typosquatting, in which the threat actors seeded PyPI with hundreds of packages that closely resembled the names of well-established ones, in the hopes that some users would accidentally install them.

Read 4 remaining paragraphs | Comments



https://ift.tt/ZPLe1Ea

Comments