New Typosquatting and Repojacking Tactics Uncovered on PyPI

Feb. 20, 2024

Security researchers have identified a concerning uptick in malicious activities infiltrating open-source platforms and code repositories. 

This trend encompasses a wide array of malicious activities, including hosting command-and-control (C2) infrastructure, storing stolen data and disseminating various forms of malware. 

In a recent discovery, ReversingLabs reverse engineer Karlo Zanki uncovered two suspicious packages on the Python Package Index (PyPI), named NP6HelperHttptest and NP6HelperHttper. These packages were found to employ DLL sideloading, a technique malicious actors use to execute code discreetly and avoid detection by security monitoring tools.

Typosquatting and repojacking, also used in the deployment of these packages, are common tactics malicious actors employ to distribute look-alike packages, aiming to deceive developers into incorporating them into their applications. 

The recent discovery of NP6HelperHttptest and NP6HelperHttper on PyPI exemplifies such tactics: the names exploit their similarity to legitimate NP6 packages (NP6 is a marketing automation tool developed by Chapvision) to dupe unsuspecting users.
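
A defender-side check for the look-alike naming described above, as an added example (not code from ReversingLabs or from the original article): it audits a requirements list against an allowlist of vetted package names and flags entries that extend or closely resemble one. The allowlist contents, including `np6helperhttp`, the sample requirements and the 0.85 similarity threshold are assumptions made for illustration.

```python
import difflib
import re

# Assumed internal allowlist of vetted names, already normalized (constructed).
APPROVED = {"np6helperhttp", "requests", "urllib3"}

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def lookalike_of(name: str, approved=APPROVED, threshold: float = 0.85):
    """Return the approved name that `name` resembles, or None.

    A name is flagged when it is not approved itself but either extends an
    approved name with extra characters or is nearly identical to one.
    """
    cand = normalize(name)
    if cand in approved:
        return None
    for good in sorted(approved):
        if cand.startswith(good):
            return good
        if difflib.SequenceMatcher(None, cand, good).ratio() >= threshold:
            return good
    return None

def audit(requirements):
    """Map each suspicious requirement to the approved name it resembles."""
    findings = {}
    for line in requirements:
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # Keep only the project name: cut extras, version specifiers, markers.
        name = re.split(r"[\[<>=!~;\s]", line, maxsplit=1)[0]
        hit = lookalike_of(name)
        if hit:
            findings[name] = hit
    return findings

# Constructed requirements content; findings are candidates for human review.
SAMPLE = ["requests==2.31.0", "NP6HelperHttptest", "NP6HelperHttper>=1.0",
          "NP6HelperHttp", "urlib3  # typo", "flask"]

if __name__ == "__main__":
    for name, good in audit(SAMPLE).items():
        print(f"{name}: resembles approved package {good}")
```

A finding is a prompt to verify the package's publisher and source before installation, since legitimate packages can also share a prefix with an approved name.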
