Malware on PyPI respository..

[Bobbie Sellers]

Hi Usenet affictionados

Well I don't know if you guys have seen this yet.
This may be the most serious real threat in malware to happen yet.

> SIGN OF THE TIMES —
> Malware downloaded from PyPI 41,000 times was
surprisingly stealthy
> Malware infiltrating open source repositories is
getting more sophisticated.
> by Dan Goodin - 11/19/2021, 5:02 AM
>
> PyPI—the open source repository that both large and small
organizations use to download code libraries—was hosting 11 malicious
packages that were downloaded more than 41,000 times in one of the
latest reported such incidents threatening the software supply chain...
> Read the rest of the article
at:<https://arstechnica.com/information-technology/2021/11/malware-downloaded-from-pypi-41000-times-was-surprisingly-stealthy/>
>

bliss - brought to you by the power and ease of PCLinuxOS
and a minor case of hypergraphia

[Andrei Z.]

Malicious packages in PyPI use stealthy exfiltration methods

https://jfrog.com/blog/python-malware-imitates-signed-pypi-traffic-in-novel-exfiltration-technique/

[Andrei Z.]

Another stealthy :)

CronRAT malware hides behind February 31st – Sansec
https://sansec.io/research/cronrat

[The Natural Philosopher]

There is no February 31st in Linux calendar.


--
Future generations will wonder in bemused amazement that the early
twenty-first century’s developed world went into hysterical panic over a
globally average temperature increase of a few tenths of a degree, and,
on the basis of gross exaggerations of highly uncertain computer
projections combined into implausible chains of inference, proceeded to
contemplate a rollback of the industrial age.

Richard Lindzen

[166p1]

This sort of thing is beginning to hit the mainstream news.
While ordinary malware remains popular, infiltrating the
code of software providers has also become a rather
prominent issue. Poison the source and you've REALLY won.

Ya know all those md checksums that are often provided
for LinuxWare ? MIGHT be wise to start USING them ...

[Andrei Z.]

Sansec director of threat research Willem de Groot observes:
"Digital skimming is moving from the browser to the server and this is
yet another example. Most online stores have only implemented
browser-based defenses, and criminals capitalize on the unprotected
back-end. Security professionals should really consider the full attack
surface."

NginRAT parasite targets Nginx – Sansec
https://sansec.io/research/nginrat

"This novel code injects itself into a host Nginx application and is
nearly invisible. The parasite is used to steal data from eCommerce
servers, also known as “server-side Magecart”. The malware was found on
servers in the US, Germany and France."

[166p1]

> nearly invisible. The parasite is uoweHsed to steal data from eCommerce

> servers, also known as “server-side Magecart”. The malware was found on
> servers in the US, Germany and France."
>

Winders remains most vulnerable, for a number of reasons.
However even Linux/BSD is not immune - especially when it
comes to library contamination.

A couple of years ago, malicious hacks managed to contaminate
the Linux Mint repositories. I casually mentioned this to a
guy - who, turns out, had just installed and customized Mint
a few days before. He was PISSED. It all had to be flushed.

The (suspicious) message here is that Open Source is vulnerable,
perhaps MORE so than MS. Well, MS has always been more vulnerable
and remains so. It's huge, messy, code - and MS is both more
popular and more HATED.

Fortunately I was never into PyPy ... stuck with vanilla
P3 - and prefer 'C' and Pascal.

Hey ... has anyone found a decent native ADA compiler ?
No, not GNU .... that's just ADA syntax -> 'C'. May as
well just write 'C'. Just as frustrating to get a native
Modula-2 compiler working ...

Not sure about the integrity of more modern stuff
like Rust. No point in spending time learning the
language if it's prone to contamination. Semi-"dead"
languages might be most secure.

Oh well, there's always Forth, Algol-68 ........

Assembler can be a buzz too. Mind you though, I wrote
a lot of stuff for ancient 6809/6502/8087/8085/PIC and such
back in the day ... 'C' was a LUXURY - mostly so I didn't
have to write bit-bang serial code. As such it's not as
intimidating to me as with the younger crowd. Not
an especially useful TIME investment these days however ...
but they're not going to hack assembler :-)

[Andrei Z.]

3 New Malicious Packages Found on PyPI
Highly Used Packages Identified Through Text Analysis

https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2