researchers-uncover-pypi-package-hiding-malicious-code-behind-image-file

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File

A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files.

The package in question, named “apicolor,” was uploaded to the Python third-party repository on October 31, 2022, and described as a “Core lib for REST API,” according to Israeli cybersecurity firm Check Point. It has since been taken down.

Apicolor, like other rogue packages detected recently, harbors its malicious behavior in the setup script used to specify metadata associated with the package, such as its dependencies.

This takes the form of a second package called “judyb” as well as a seemingly harmless PNG file (“8F4D2uF.png”) hosted on Imgur, an image-sharing service.

“The judyb code turned out to be a steganography module, responsible [for] hiding and revealing hidden messages inside pictures,” Check Point explained.

The attack chain entails using the judyb package to extract obfuscated Python code embedded within the downloaded image, which, upon decoding, is designed to retrieve and execute a malicious binary from a remote server.

The development is part of an ongoing trend where threat actors are increasingly setting their sights on the open source ecosystem to exploit the trust associated with third-party software to mount supply chain attacks.

Even more troublingly, such malicious libraries can be incorporated into other open source projects and published on GitHub, effectively broadening the scope and scale of the attacks.

“These findings reflect careful planning and thought by a threat actor, who proves that obfuscation techniques on PyPI have evolved,” the company said.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Top 6 Cell Phone Tracker Apps for Parental Control

Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure…
Moses Staff Hackers Publish Footage of Jerusalem Explosion

Moses Staff Hackers Publish Footage of Jerusalem Explosion

In a dramatic series of events, an Iranian hacker group by the name of Moses Staff published footage of the…
Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Watch Out Gamers: Hackers Exploiting MSI Afterburner to Deliver Coin Miner

Cyble Research & Intelligence Labs (CRIL) recently uncovered a phishing campaign used by threat actors to deliver cryptocurrency miner softwares…