Python and JavaScript Repositories are Now Under Critical Investigation

Python and JavaScript Repositories are Now Under Critical Investigation
Published on

An active malware campaign is targeting official Python and JavaScript repositories

An active malware campaign is targeting official Python and JavaScript repositories. Software supply chain security firm Phylum spotted the campaign. Phylum said that it came across Python and JavaScript campaign after noticing a flurry of activity around typosquats of the popular JavaScript and Python requests package. 

Typosquats take advantage of simple typos to install malicious packages. In this case, the PyPI typos include: dequests, requests, gequests, rdquests, reauests, reduests, reeuests, reqhests, reqkests, requesfs, requesta, requeste, requestw, requfsts, resuests, rewuests, rfquests, rrquests, rwquests, telnservrr, and tequests. Later on the company tracked down the attacker publishing the following NPM packages that also take advantage of typosquatting: discordallintsbot, discordselfbot16, discord-all-intents-bot, discors.jd, and telnservrr. As clones of the official libraries, they often go unnoticed until it's too late.

Getting dependent on the OS of the victim's device, this particular malware downloads a relevant Golang binary. When executed, the desktop background of the victim's computer is updated with a fake CIA image and the malware will attempt to encrypt some files. A README file is placed by the malware on the desktop that asks the user to contact the individual on Telegram and pay "a small fee of $100" in BTC, ETH, LTC, or XMR. In case we fail to do so, it will result in the deletion of the decryption key, the hacker claims. According to Phylum, the attack is ongoing (as of 13 December 2022) but a new version of the ransomware has been released that has also limited the supported architectures.

About Phylum

This company has first spotted that Python and JavaScript repositories that are under investigation. Phylum is a service that analyzes open-source software packages for indicators of risk. This enables Phylum to protect software developers and build pipelines and software products from malicious code, vulnerabilities, and bad actors. The company's big data platform ingests all the packages in software ecosystems and proactively uses graph theory, machine learning, and various analysis techniques to develop a risk score. These risk scores are then used to understand how open-source software can affect the security posture of products that use it. The company was founded in 2020 and is based in Evergreen, Colorado.

Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp

                                                                                                       _____________                                             

Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.

Related Stories

No stories found.
logo
Analytics Insight
www.analyticsinsight.net