Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.
Attackers behind the most recent version of the package, which amassed 107 downloads before being taken down, retained only the original package's __init__.py and example.py files while adding code that retrieves an executable, which is then launched through a Python function, a report from Phylum revealed. That executable was found to contain an Electron app, which Sekoia had reported as being used to spread Nova Sentinel.
"What's interesting about this particular case [...] is that the attack vector appeared to be an attempted supply-chain attack via a compromised PyPI account. If this had been a really popular package, any project with this package listed as a dependency without a version specified or a flexible version specified in their dependency file would have pulled the latest, malicious version of this package," said Phylum.
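The point Phylum raises is that any project listing this package without an exact version (or with a flexible range) would have resolved to the new malicious release. The following added script, which is not part of the report or of any project it names, audits a requirements file for exactly that exposure: it parses each requirement line and flags entries with no specifier or a floating one (ranges, `~=`, wildcards), leaving only `==`/`===` pins as accepted. The sample requirements content is constructed for illustration; apart from "django-log-tracker", the package names and the hash value are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample requirements file (hypothetical project, not from the article).
# "django-log-tracker" is the package named in the report; all other entries,
# including the --hash value, are placeholders for illustration.
SAMPLE_REQUIREMENTS = """\
# core
django==4.2.11
django-log-tracker
requests>=2.31
pyyaml~=6.0
celery==5.3.*
cryptography==42.0.5 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
-r extra-requirements.txt
-e git+https://example.invalid/internal-tool.git#egg=internal-tool
"""

# Project name, optional extras in brackets, then whatever specifier follows.
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


@dataclass
class Finding:
    name: str
    specifier: str
    status: str  # "exact", "floating", or "unpinned"


def classify(specifier: str) -> str:
    """Accept only specifiers made entirely of ==/=== clauses without wildcards."""
    if not specifier:
        return "unpinned"
    for clause in (c.strip() for c in specifier.split(",")):
        if "*" in clause:          # ==5.3.* still resolves to the newest 5.3.x release
            return "floating"
        if not clause.startswith("=="):  # >=, ~=, !=, <, > all allow a newer release
            return "floating"
    return "exact"


def audit_requirements(text: str) -> list[Finding]:
    """Parse pip requirements text and classify how tightly each entry is pinned."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        line = line.split(" #", 1)[0].strip()  # drop inline comments
        if line.startswith("-"):
            continue  # pip option line (-r, -e, --index-url, ...); not a plain requirement
        line = line.split(";", 1)[0]         # drop environment markers
        line = line.split(" --", 1)[0].strip()  # drop per-requirement options such as --hash
        match = NAME_RE.match(line)
        if not match:
            continue
        name, _extras, spec = match.groups()
        spec = spec.replace(" ", "")
        findings.append(Finding(name.lower(), spec, classify(spec)))
    return findings


def floating_dependencies(text: str) -> list[str]:
    """Names of entries that would silently pick up a newly published release."""
    return [f.name for f in audit_requirements(text) if f.status != "exact"]


if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{finding.status:9} {finding.name} {finding.specifier}")
    print("would pull a new release:", floating_dependencies(SAMPLE_REQUIREMENTS))
```

Exact pins narrow the window but do not close it: a compromised account can only hurt a pinned project when the pin is bumped, so pairing pins with `--hash` entries (as on the cryptography line) and a review step for dependency updates is what makes the pin meaningful.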
Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting, password-protected archives.
While threat actors continued to impersonate employers on job search platforms to lure software developers into participating in an online interview that would be followed by BeaverTail malware compromise, more recent attacks entailed the deployment of a new Qt-based BeaverTail version that enabled browser credential and cryptocurrency wallet data exfiltration.
The U.S. Department of Justice announced that Ukrainian national Mark Sokolovsky, also known as raccoon-stealer, black21jack77777, and Photix, has admitted guilt in operating the Raccoon Infostealer malware-as-a-service operation.