Python developers working on Mac devices are being targeted by North Korean hackers once again, experts have warned.
A report from cybersecurity researchers Unit 42 has claimed the attacks are, at least to some extent, part of the so-called Operation Dream Job, run by Lazarus Group, an infamous hacking collective on North Korea's payroll. It revolves around creating fake job ads and luring software developers to apply. During the hiring process, the crooks would trick the devs into downloading and running malicious packages, thus granting the attackers access to important resources.
In this instance, the criminals were observed uploading weaponized Python packages to PyPI, one of the world's most well-known Python package repositories.
PondRAT
So far, the researchers identified four packages, which were subsequently reported and removed from the platform:
genuine-ids (893 downloads)
coloredtxt (381 downloads)
attrvivacioustext (736 downloads)
minisound (416 downloads)
These packages were allegedly holding a piece of malware called PondRAT. This remote access trojan is a stripped-down version of POOLRAT (also known as SIMPLESEA), a known macOS backdoor that Lazarus was observed deploying in the past.
PondRAT can't do all the things POOLRAT can, but it can still upload and download files, run arbitrary commands, or even stop working for a while.
“The evidence of additional Linux variants of POOLRAT showed that Gleaming Pisces has been enhancing its capabilities across both Linux and macOS platforms,” Unit 42 said. Gleaming Pisces, Unit 42 claims, is a sub-group of Lazarus.
“The weaponization of legitimate-looking Python packages across multiple operating systems poses a significant risk to organizations. Successful installation of malicious third-party packages can result in malware infection that compromises an entire network.”
For months now, Lazarus has been creating fake job ads, trying to compromise developers working in high-profile organizations. It was also seen trying to get hired by these firms, too.
Via The Hacker News