North Korean Hackers Launches New Attack on PyPI Repositories

IndustryTrends

As part of the continuing VMConnect malicious software supply chain effort, security researchers uncovered three more rogue Python packages in the PyPI repository.

These packages, dubbed tableeditor, request-plus, and requestspro, were discovered to be part of a campaign.

ReversingLabs, discovered that the threat actors behind VMConnect are impersonating respectable programmes like prettytable and requests.

The tablediter package contains malicious code that runs in an infinite execution loop and visits a remote server on a regular basis.

Notably, the malicious code is no longer activated immediately after the installation of the tablediter.

Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.