HomeCyber BalkansDormant PyPI Package Compromised to Spread Nova Sentinel Malware

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

Published on

spot_img


 

Nova Sentinel Malware

A dormant package available on the Python Package Index (PyPI) repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel.

The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21, 2024.

While the linked GitHub repository hasn’t been updated since April 10, 2022, the introduction of a malicious update suggests a likely compromise of the PyPI account belonging to the developer.

Django-log-tracker has been downloaded 3,866 times to date, with the rogue version (1.0.4) downloaded 107 times on the date it was published. The package is no longer available for download from PyPI.

“In the malicious update, the attacker stripped the package of most of its original content, leaving only an __init__.py and example.py file behind,” the company said.

The changes, simple and self-explanatory, involve fetching an executable named “Updater_1.4.4_x64.exe” from a remote server (“45.88.180[.]54”), followed by launching it using the Python os.startfile() function.

The binary, for its part, comes embedded with Nova Sentinel, a stealer malware that was first documented by Sekoia in November 2023 as being distributed in the form of fake Electron apps on bogus sites offering video game downloads.

“What’s interesting about this particular case […] is that the attack vector appeared to be an attempted supply-chain attack via a compromised PyPI account,” Phylum said.

“If this had been a really popular package, any project with this package listed as a dependency without a version specified or a flexible version specified in their dependency file would have pulled the latest, malicious version of this package.”

-REFERENCE: https://thehackernews.com/2024/02/dormant-pypi-package-compromised-to.html

K.Z



Source link

Latest articles

When AI Acquires a Physical Form, It Inherits an Attack Surface

Embodied artificial intelligence (AI) constructs a bridge between the digital and physical realms by...

CISA Calls for Immediate Hardening of SharePoint Amid Rising Exploits

Understanding the Impact of Vulnerabilities in Cybersecurity In today’s rapidly evolving digital landscape, the distinction...

Single Prompt Empowers ChatGPT to Perform Complete Cyber-Attack Sequence

In a recent study, cybersecurity researchers from Cato Networks highlighted a significant concern about...

AI Appreciation Day: Security Leaders Suggest a Conditional Celebration

AI Appreciation Day: Reflections from the Security Industry Today marks AI Appreciation Day, an annual...

More like this

When AI Acquires a Physical Form, It Inherits an Attack Surface

Embodied artificial intelligence (AI) constructs a bridge between the digital and physical realms by...

CISA Calls for Immediate Hardening of SharePoint Amid Rising Exploits

Understanding the Impact of Vulnerabilities in Cybersecurity In today’s rapidly evolving digital landscape, the distinction...

Single Prompt Empowers ChatGPT to Perform Complete Cyber-Attack Sequence

In a recent study, cybersecurity researchers from Cato Networks highlighted a significant concern about...