Supply chain attack against PyPI part of larger campaign
Last week's supply chain attacks against the Python Package Index (PyPI) repository, which resulted in the compromise of at least two PyPI projects, were only part of a bigger campaign that has been spreading the JuiceStealer credential-stealing malware since late last year, according to Ars Technica.
After being initially distributed through typosquatting, JuiceStealer, which is based on the .NET programming framework, was eventually spread by developer JuiceLedger through fraudulent cryptocurrency-themed applications, a report from SentinelOne and Checkmarx found.
Malware activity was discovered to have begun last year, with continued evolution observed since then.
"JuiceLedger appears to have evolved very quickly from opportunistic, small-scale infections only a few months ago to conducting a supply chain attack on a major software distributor. The escalation in complexity in the attack on PyPI contributors, involving a targeted phishing campaign, hundreds of typosquatted packages and account takeovers of trusted developers, indicates that the threat actor has time and resources at their disposal," said researchers.