Malicious Python Package Relies on Steganography to Download Malware

  /     /     /  
Publicated : 23/11/2024   Category : security


Malicious Python Package Relies on Steganography to Download Malware


The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.



Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files.
The malicious package was available on PyPI, a package index widely used by Python developers. After being notified of it, PyPIs maintainers have removed the malicious package.
The malicious package, apicolor, looks like one of many development packages available on PyPI. The header states the package is a core lib for REST API. The package installation script for apicolor has instructions to download additional packages (requests and judyb), along with a picture from the Web. The script then uses the steganography capabilities in judyb to uncover and execute the malicious code hidden inside the image file. The malicious code downloads malware from the Web and installs it on the users machine.
The impact seems minimal — Check Point Research found only three GitHub users including apicolor and judyb in their code, and a little over 80 projects containing the malicious packages. The infection method relies on people stumbling across these open source projects and installing them on their machines, not knowing it brings in a malicious package import, the team said.
The more important takeaway? These findings reflect careful planning and thought by a threat actor, who proves that obfuscation techniques on PyPI have evolved,
Check Point Research wrote on the teams blog
.
Attackers are no longer just relying on the strategy to copy and rename existing packages and hide malicious code inside. Instead, they are targeting certain type of users — often those working from home, and those using corporate machines for side projects, according to the research team.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Malicious Python Package Relies on Steganography to Download Malware