Published on May 14th, 2024
Researchers have uncovered a cunning attempt to distribute malware through a seemingly legitimate Python package.
The malicious package, named “requests-darwin-lite,” masqueraded as an offshoot of the well-known “requests” library, a popular tool for making HTTP requests in Python applications.
Steganographic Shenanigans
The deception went beyond a similar name. The malicious actors employed steganography, a technique for hiding data within another file.
In this case, they concealed a Golang-based variant of the Sliver command-and-control (C2) framework within an unusually large version of the “requests” library logo embedded as a PNG image.
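The technique described above relies on an image file carrying bytes that a viewer never renders. The following is an added example, not code from the article or from the malicious package: it walks a PNG's chunk list and flags two things a defender can check for in an oversized logo, data appended after the IEND chunk and chunks whose CRC does not match their contents. Treating appended-after-IEND data as the hiding place is an assumption for the demonstration, not a claim about how requests-darwin-lite embedded its payload.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build one PNG chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def scan_png(data: bytes) -> dict:
    """Walk the chunk list and report anything that is not part of the image proper."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    chunks, bad_crc, truncated, saw_iend = [], [], False, False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):  # chunk claims more bytes than exist
            truncated = True
            break
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            bad_crc.append(ctype.decode("latin-1"))
        chunks.append((ctype.decode("latin-1"), length))
        pos += 12 + length
        if ctype == b"IEND":  # IEND must be the last chunk; anything after it is foreign
            saw_iend = True
            break
    trailing = len(data) - pos if saw_iend else 0
    return {
        "chunks": chunks,
        "bad_crc": bad_crc,
        "truncated": truncated,
        "trailing_bytes": trailing,
        "suspicious": trailing > 0 or bool(bad_crc) or truncated or not saw_iend,
    }


# Constructed sample: a 1x1 grayscale PNG, then the same file with filler appended after IEND.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, colour type, ...
IDAT = zlib.compress(b"\x00\x00")  # one filter byte plus one pixel
CLEAN_PNG = PNG_SIGNATURE + make_chunk(b"IHDR", IHDR) + make_chunk(b"IDAT", IDAT) + make_chunk(b"IEND", b"")
STAGED_PNG = CLEAN_PNG + b"FAKE-PAYLOAD" * 100  # constructed stand-in for an appended binary

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("staged", STAGED_PNG)):
        print(name, scan_png(blob))
```

The same walk can be applied to every image shipped in a package archive; a logo whose on-disk size is far larger than its chunk list accounts for is the signal the article's "unusually large" logo would have given.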
Targeted Attack Or Testing The Waters?
The malware wasn’t a one-size-fits-all attack. The code within the package was programmed to activate only on Apple macOS systems, and only after checking the host’s Unique Identifier (UUID).
This points to either a targeted attack aimed at one specific machine or a test run ahead of wider distribution.
Open-Source Under Threat
This incident highlights the growing threat of malware hidden within open-source software repositories.
With software development heavily reliant on open-source code, such occurrences raise concerns about supply chain security.
The need for robust methods to detect and prevent malware infiltration in popular repositories like PyPI is becoming increasingly critical.
Key Takeaways:
- Malicious actors are turning to increasingly sophisticated techniques to distribute malware.
- Open-source ecosystems remain vulnerable to such attacks.
- Implementing measures to ensure software supply chain security is crucial.