Malicious Python packages help North Korean APT deliver PondRAT malware

Gleaming Pisces, a North Korean advanced persistent threat group believed to be a sub-cluster of the Lazarus Group, used malicious packages uploaded to the Python Package Index (PyPI) to deliver PondRAT, a new remote access trojan described as a leaner variant of the POOLRAT macOS backdoor, according to The Hacker News.

All four of the poisoned packages, which have since been removed from PyPI, executed an encoded next-stage payload at install time before deploying PondRAT builds for Linux and macOS; the implant supports file upload, file download and arbitrary command execution, according to a report from Palo Alto Networks Unit 42. Gleaming Pisces, also tracked as Labyrinth Chollima, Citrine Sleet, Nickel Academy and UNC4736, has also deployed additional Linux versions of the POOLRAT trojan. “The weaponization of legitimate-looking Python packages across multiple operating systems poses a significant risk to organizations. Successful installation of malicious third-party packages can result in malware infection that compromises an entire network,” said Unit 42.
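The technique the report describes, a setup script that decodes an embedded blob and runs it during `pip install`, leaves a recognisable footprint in an sdist's `setup.py`. The check below is an added example, not code from the article, The Hacker News or Unit 42, and it does not reproduce the real packages (which the article does not name). It parses a `setup.py` with Python's `ast` module and flags `exec`/`eval` calls fed by a decoder, shell and subprocess calls, and custom `cmdclass` hooks that subclass setuptools' `install`/`develop` commands. Both sample setup scripts, the package name `totally-legit-utils` and the harmless stand-in payload are constructed for illustration.

```python
"""Static check for install-time code execution in a Python sdist's setup.py.

Added example (not from the original article or Unit 42's report). It looks for the
pattern described in the article: a setup script that decodes an embedded payload and
executes it while `pip install` runs setup.py. Everything below is parsed, never executed.
"""
import ast

# Calls that execute code or spawn processes; running at install time warrants review.
EXEC_SINKS = {"exec", "eval", "compile"}
SYSTEM_SINKS = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
                "subprocess.call", "subprocess.check_output", "subprocess.check_call"}
# Decoders commonly used to hide a second stage inside a string literal.
DECODERS = {"base64.b64decode", "base64.b32decode", "base64.b16decode",
            "base64.b85decode", "bytes.fromhex", "zlib.decompress", "marshal.loads"}
# setuptools command classes that run during install; subclassing them is how a
# package hooks arbitrary code into `pip install` (cmdclass={"install": ...}).
INSTALL_HOOKS = {"install", "develop", "build_py", "egg_info", "bdist_egg"}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain such as base64.b64decode, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _inner_calls(call):
    """Dotted names of every call nested inside the arguments of `call`."""
    names = set()
    for child in list(call.args) + [kw.value for kw in call.keywords]:
        for sub in ast.walk(child):
            if isinstance(sub, ast.Call):
                name = _dotted_name(sub.func)
                if name:
                    names.add(name)
    return names


def scan_setup_py(source):
    """Return [(lineno, reason), ...] sorted by line, for a setup.py source string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                bname = _dotted_name(base)
                if bname and bname.split(".")[-1] in INSTALL_HOOKS:
                    findings.append((node.lineno,
                                     f"custom install hook: class {node.name}({bname})"))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in EXEC_SINKS:
                decoders = _inner_calls(node) & DECODERS
                if decoders:  # exec(base64.b64decode(...)) is the classic dropper shape
                    findings.append((node.lineno,
                                     f"{name}() of decoded data ({', '.join(sorted(decoders))})"))
                else:
                    findings.append((node.lineno, f"{name}() in setup script"))
            elif name in SYSTEM_SINKS:
                findings.append((node.lineno, f"{name}() in setup script"))
    return sorted(findings)


# Constructed sample: a dropper-style setup.py. The payload is base64 of print('hello'),
# a harmless stand-in; a real package would carry a downloader for the next stage.
SUSPICIOUS_SETUP = '''\
import base64, os
from setuptools import setup
from setuptools.command.install import install

PAYLOAD = "cHJpbnQoJ2hlbGxvJyk="

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode(PAYLOAD))
        os.system("echo installed")

setup(name="totally-legit-utils", version="0.1.0", cmdclass={"install": PostInstall})
'''

# Constructed sample: an ordinary setup.py that should produce no findings.
BENIGN_SETUP = '''\
from setuptools import setup, find_packages
setup(name="benign-utils", version="1.0.0", packages=find_packages())
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        print(f"{label}:")
        for lineno, reason in scan_setup_py(src) or [(0, "no findings")]:
            print(f"  line {lineno}: {reason}")
```

This is a triage aid, not a verdict: it catches the plain `exec(b64decode(...))` shape and the `cmdclass` hook, and it is easily evaded by `getattr(builtins, "ex" + "ec")`, string assembly, or a payload fetched from the network by otherwise innocent-looking code. Wheels skip `setup.py` entirely, so also look at what the package runs at import time. The controls that actually close the gap are pinning with hash verification (`pip install --require-hashes -r requirements.txt`) and installing only from a vetted internal index or mirror rather than straight from PyPI.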
