HomeRisk ManagementsPyPi package exploits Mac systems with Sliver pen-testing suite - Source: www.bleepingcomputer.com

PyPi package exploits Mac systems with Sliver pen-testing suite – Source: www.bleepingcomputer.com

Published on

spot_img

A recently discovered campaign targeting macOS devices with the Sliver C2 adversary framework has raised concerns among cybersecurity experts. The attackers utilized a malicious PyPI package mimicking the popular ‘requests’ library to covertly install the Sliver payload on the target through steganography in a PNG image file. This discovery underscores the growing trend of threat actors using sophisticated tools like Sliver for gaining initial access to corporate networks.

The malicious PyPI package, named ‘requests-darwin-lite,’ contained the Sliver binary inside a disguised PNG image file featuring the Requests logo. Upon installation on a macOS system, the package executed a PyInstall class to decode a base64-encoded string and retrieve the system’s UUID (Universal Unique Identifier) using the ioreg command. The UUID was then compared to a predefined value to validate the target before extracting and launching the Sliver binary in the background.

After the discovery of this attack by the cybersecurity researchers at Phylum, the compromised PyPI package was promptly removed. The specific versions of the package (2.27.1 and 2.27.2) contained the malicious modifications, while the subsequent versions (2.28.0 and 2.28.1) were clean. It is believed that the threat actors behind this attack may have reverted the package to a benign state to evade detection, as indicated by the targeted nature of the UUID check.

The use of steganography to conceal malicious code in images for delivering malware tools is not a new tactic. In a previous campaign called SteganoAmor, attackers targeted over 320 organizations globally by embedding malware in images using steganography. This method allows threat actors to evade detection and deliver malicious payloads to unsuspecting victims across various sectors and countries.

Sliver, known for its cross-platform compatibility and advanced features such as custom implant generation, command and control capabilities, and post-exploitation tools, has gained popularity among cybercriminals seeking alternatives to traditional pen-testing frameworks like Cobalt Strike. As highlighted by cybersecurity advisories from authorities like CISA and the FBI, Sliver has become a common tool in the arsenal of hackers targeting corporate networks after exploiting vulnerabilities in popular gateways.

In conclusion, the emergence of campaigns like the one targeting macOS devices with Sliver serves as a reminder of the evolving threat landscape faced by organizations globally. With threat actors increasingly adopting sophisticated tools and techniques, cybersecurity professionals must remain vigilant and proactive in defending against such attacks. Collaboration between security researchers, industry stakeholders, and law enforcement agencies is crucial in mitigating the impact of malicious campaigns and safeguarding critical infrastructures from cyber threats.

Source link

Latest articles

FastNetMon Introduces Netomics, a Self-Hosted Routing Intelligence Platform

London, United Kingdom, July 10th, 2026, CyberNewswire In a significant development within the realm of...

Microsoft Alerts Users to Rising Volume of Security Updates

Microsoft has issued a cautionary statement to its customers concerning a significant increase in...

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust and 17 Additional Stories

The Hidden Dangers of Neglected Security Practices: A Comprehensive Overview of Threats This Week The...

Microsoft Unveils GigaWiper: A Backdoor Engineered for On-Demand Destruction

Unveiling the Capabilities of GigaWiper: A New Threat in Cybersecurity Recent findings have shed light...

More like this

FastNetMon Introduces Netomics, a Self-Hosted Routing Intelligence Platform

London, United Kingdom, July 10th, 2026, CyberNewswire In a significant development within the realm of...

Microsoft Alerts Users to Rising Volume of Security Updates

Microsoft has issued a cautionary statement to its customers concerning a significant increase in...

ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust and 17 Additional Stories

The Hidden Dangers of Neglected Security Practices: A Comprehensive Overview of Threats This Week The...