Hackread reports that Russian developers have been targeted by a suspected pro-Ukraine hacktivist operation using a Python Package Index (PyPI) package, "dbgpkg", that poses as a debugging tool and facilitates malicious code execution and information exfiltration.
Installation of the dbgpkg package alters the behavior of Python networking tools so that the malicious code stays concealed until developers invoke those functions, a report from ReversingLabs researchers showed. After monitoring for a certain file, dbgpkg's wrapper code executes a trio of commands: the first downloads a public key from Pastebin, the second injects the Global Socket Toolkit for firewall evasion, and the last delivers the secret, encrypted with the downloaded public key, to a private location. Additional analysis of the package showed similarities with the malware of the pro-Ukraine hacktivist group Phoenix Hyena. "[W]ith a campaign driven by geopolitical tensions and the continuing hostility between Russia and Ukraine, RL researchers believe that more malicious packages are almost certain to be created as part of this campaign," said researchers.
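The report describes a package that wraps standard networking functions so the payload only runs when a developer later calls them. The following added example (written for this summary, not code from Hackread, ReversingLabs or the dbgpkg package) shows a defender-side audit for that pattern: it flags Python-level functions in a stdlib module such as `socket` whose code lives outside the standard library or that carry a `functools.wraps`-style `__wrapped__` marker, then demonstrates the check against a constructed, benign stand-in wrapper. The function names and the heuristic are assumptions of this example.

```python
import functools
import os
import socket
import sysconfig
import types

# Directory holding the interpreter's own standard library (e.g. /usr/lib/python3.12).
STDLIB_DIR = os.path.abspath(sysconfig.get_paths()["stdlib"])


def _is_stdlib_file(path):
    """True if a code object's filename belongs to the standard library itself."""
    if path.startswith("<frozen"):          # frozen stdlib modules (os, codecs, ...)
        return True
    path = os.path.abspath(path)
    parts = set(path.split(os.sep))
    if "site-packages" in parts or "dist-packages" in parts:
        return False                        # third-party install locations
    return path.startswith(STDLIB_DIR + os.sep)


def audit_module(mod):
    """List Python-level functions in `mod` whose code lives outside the stdlib
    or that were produced by functools.wraps (heuristic; constructed for this example)."""
    findings = []
    for name, obj in vars(mod).items():
        if not isinstance(obj, types.FunctionType):
            continue                        # C builtins and classes are not inspected here
        src = obj.__code__.co_filename
        if hasattr(obj, "__wrapped__"):
            findings.append({"name": name, "file": src, "reason": "wrapped"})
        elif not _is_stdlib_file(src):
            findings.append({"name": name, "file": src, "reason": "foreign_code"})
    return findings


def audit_socket_names():
    """Names of flagged functions in the socket module as currently loaded."""
    return [f["name"] for f in audit_module(socket)]


def simulate_patch_and_audit():
    """Constructed demo: install a benign stand-in wrapper around
    socket.create_connection, run the audit, then restore the original."""
    original = socket.create_connection

    @functools.wraps(original)              # copies __name__/__module__, so repr() looks clean
    def _stand_in(*args, **kwargs):
        return original(*args, **kwargs)    # a real wrapper would run hidden logic first

    socket.create_connection = _stand_in
    try:
        return audit_socket_names()
    finally:
        socket.create_connection = original
```

Run `audit_socket_names()` in a fresh interpreter after importing the suspect package; a clean environment returns an empty list, while a wrapped function appears with its defining file, which points at the package that installed it.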