
Python and JavaScript Repositories are Now Under Critical Investigation


An active malware campaign is targeting official Python and JavaScript repositories

Software supply chain security firm Phylum spotted the campaign. Phylum said that it came across the campaign after noticing a flurry of activity around typosquats of the popular JavaScript and Python requests package.

Typosquats take advantage of simple typing mistakes to get malicious packages installed. In this case, the PyPI typos include: dequests, requests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests. Later, the company tracked down the attacker publishing the following NPM packages, which also take advantage of typosquatting: discordallintsbot, discordselfbot16, discord-all-intents-bot, discors.jd, and telnservrr. Because they are clones of the official libraries, they often go unnoticed until it's too late.
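A defender can check a dependency list for this pattern before anything is installed. The following is an added example, not code from Phylum or from the article: it flags entries in a requirements file that match the PyPI names listed above, and it goes beyond that list by also flagging any name one edit away from a package the project really uses. The `PROTECTED` set, the requirements-file input and the sample text are assumptions made for illustration.

```python
import re

# PyPI typosquat names listed in the article. The literal "requests" that also
# appears in that list is the legitimate package name and is left out here.
REPORTED = set("""dequests gequests rdquests reauests reduests reeuests reqhests
reqkests requesfs requesta requeste requestw requfsts resuests rewuests
rfquests rrquests rwquests telnservrr tequests""".split())
PROTECTED = {"requests"}  # assumption: packages the project really depends on

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def audit(requirements_text, max_distance=1):
    """Return [(name, reason)] for suspicious entries in a requirements file."""
    findings = []
    for line in requirements_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line.split("#", 1)[0])
        if not m:
            continue
        # PEP 503 normalization so "Rdquests" and "rdquests" compare equal
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
        if name in REPORTED:
            findings.append((name, "name reported in the campaign"))
        elif name not in PROTECTED:
            findings += [(name, f"one edit away from {good}")
                         for good in sorted(PROTECTED)
                         if edit_distance(name, good) <= max_distance]
    return findings

# Constructed sample input, not from a real project.
SAMPLE = """requests==2.28.1
reqeusts>=2.0  # swapped letters, not among the article's names
rdquests
flask
"""
if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

Run in CI against the project's requirements file, a non-empty result is a reason to stop the build and review the dependency by hand.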

Depending on the operating system of the victim's device, the malware downloads a matching Golang binary. When executed, it replaces the desktop background of the victim's computer with a fake CIA image and attempts to encrypt some files. The malware places a README file on the desktop that asks the user to contact the individual on Telegram and pay "a small fee of $100" in BTC, ETH, LTC, or XMR. Failure to do so will result in the deletion of the decryption key, the attacker claims. According to Phylum, the attack is ongoing (as of 13 December 2022), but a new version of the ransomware has been released that also limits the supported architectures.

About Phylum

Phylum is the company that first spotted the campaign against the Python and JavaScript repositories. It is a service that analyzes open-source software packages for indicators of risk. This enables Phylum to protect software developers, build pipelines, and software products from malicious code, vulnerabilities, and bad actors. The company's big data platform ingests all the packages in software ecosystems and proactively uses graph theory, machine learning, and various analysis techniques to develop a risk score. These risk scores are then used to understand how open-source software can affect the security posture of products that use it. The company was founded in 2020 and is based in Evergreen, Colorado.
