Highly Invasive Backdoor Snuck Into Open Source Packages Targets Developers
upstart writes:
Packages downloaded thousands of times targeted people working on sensitive projects:
Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.
Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developer's machine. [...]
All eight tools used the string "pyobf" as the first five characters in an attempt to mimic genuine obfuscator tools such as pyobf2 and pyobfuscator. The other seven packages were:
- Pyobftoexe
- Pyobfusfile
- Pyobfexecute
- Pyobfpremium
- Pyobflight
- Pyobfadvance
- Pyobfuse
While Checkmarx focused primarily on pyobfgood, the company provided a release timeline for all eight of them.
Read more of this story at SoylentNews.
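An added example, not part of the original story or Checkmarx's report: a dependency audit that flags the eight package names listed above as known-bad and sends any other name starting with "pyobf" to manual review, while leaving the two genuine tools the story names (pyobf2, pyobfuscator) alone. The function names and the sample requirements lines are constructed for illustration.

```python
import re
from importlib import metadata

# The eight trojanized package names given in the story.
MALICIOUS = {
    "pyobfgood", "pyobftoexe", "pyobfusfile", "pyobfexecute",
    "pyobfpremium", "pyobflight", "pyobfadvance", "pyobfuse",
}
# Genuine obfuscators the story says the malicious names imitated.
GENUINE = {"pyobf2", "pyobfuscator"}
PREFIX = "pyobf"

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Project name from one requirements-style line, or None if it has none."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment-only, or pip option
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None

def audit(lines):
    """Sort names into exact known-bad matches and look-alikes to review."""
    report = {"malicious": [], "review": []}
    for line in lines:
        name = requirement_name(line)
        if name is None:
            continue
        if name in MALICIOUS:
            report["malicious"].append(name)
        elif name.startswith(PREFIX) and name not in GENUINE:
            report["review"].append(name)  # same prefix, unknown: a human decides
    return report

def installed_names():
    """Names of distributions installed in the current environment."""
    return [d.metadata["Name"] for d in metadata.distributions() if d.metadata["Name"]]

# Constructed sample input, not taken from any real project.
SAMPLE = [
    "requests==2.31.0",
    "PyObfGood==1.0   # constructed version number",
    "pyobf2",
    "Pyobf_Use>=0.1",
    "pyobfhelper",
    "-r other.txt",
]

if __name__ == "__main__":
    print("sample:", audit(SAMPLE))
    print("this environment:", audit(installed_names()))
```

Only an exact normalized match is reported as malicious; `Pyobf_Use` normalizes to `pyobf-use`, a different project name from `pyobfuse`, so it lands in the review list instead.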