This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Earlier this year in June, a security researcher from security firm Sonatype uncovered six malicious payloads in the official Python programming language’s PyPI repository that were laced with cryptomining malware.
The attackers used typo-squatted names for the malicious payloads that were downloaded more than 5000 times. All the packages were posted on PyPI by the author “nedog123,” some as early as April of this year. Attackers used typosquats to trick people into thinking they were normal programs and hide their main purpose of hijacking developer systems for cryptomining.
The PyPI event is complex because it combines three different kinds of attacks: logic bombs, cryptojacking, and software supply chain attacks. The risk posed by these kinds of attacks requires immediate action from organizations if they want to shield their database.
Logic Bomb Attacks
A logic bomb also known as ‘code bomb’, cyber bomb, or slag code is a malicious piece of code that gets executed under specific conditions, usually with a malicious purpose. One challenge with logic bomb attacks is that they are sneaky in nature and can go undetected fo
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Attackers Use Cryptomining Malware to Target Organizations