Information stealers are being distributed by six malicious Python Package Index (PyPI) packages, including discord-dev, discorder, easytimestamp, pyrologin, and pythonstyles, all of which have since been removed, The Hacker News reports.
Threat actors concealed the malicious code within the libraries' setup script, so that the malware is deployed as soon as a "pip install" command is executed, according to a report from Phylum. Researchers noted that the malware launches a PowerShell script that retrieves a ZIP archive, installs invasive dependencies, and executes a Visual Basic Script.
Aside from targeting various web browsers to harvest cookies, cryptocurrency wallet data, and saved passwords, the packages also install the Cloudflare Tunnel command-line tool cloudflared, which could then facilitate distribution of the xrat trojan, also known as poweRAT.
"This thing is like a RAT on steroids. It has all the basic RAT capabilities built into a nice web GUI with a rudimentary remote desktop capability and a stealer to boot!" said Phylum.
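The install-time execution described above (malicious code in setup.py that runs on pip install and shells out to PowerShell) is what a pre-install review should look for. The following is an added defensive example, not code from Phylum or the report: a small static scanner that parses a setup.py with Python's ast module and flags calls and string markers associated with install-time execution. The marker lists and the sample setup.py are constructed for illustration.

```python
import ast

# Calls and strings that justify a manual read of a package's setup.py before
# `pip install` runs it; install-time shell/PowerShell execution is the
# behaviour the Phylum report describes. Lists are illustrative, not exhaustive.
SUSPICIOUS_CALLS = {
    "subprocess.Popen", "subprocess.run", "subprocess.call", "os.system",
    "os.popen", "exec", "eval", "base64.b64decode", "urllib.request.urlopen",
}
SUSPICIOUS_STRINGS = ("powershell", "-enc", "cloudflared", ".vbs", "wscript", ".zip")


def _call_name(node: ast.Call) -> str:
    """Dotted name of the called function, e.g. 'subprocess.Popen'."""
    parts, func = [], node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def scan_setup_script(source: str) -> list:
    """Return sorted (line, finding) tuples for install-time execution patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) in SUSPICIOUS_CALLS:
            findings.append((node.lineno, f"call to {_call_name(node)}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            lowered = node.value.lower()
            for marker in SUSPICIOUS_STRINGS:
                if marker in lowered:
                    findings.append((node.lineno, f"string mentions {marker!r}"))
                    break
    return sorted(findings)


# Constructed sample: a setup.py that shells out to PowerShell at install time.
SAMPLE_SETUP = '''
import subprocess
from setuptools import setup
subprocess.Popen(["powershell", "-w", "hidden", "-c", "Start-Process example.vbs"])
setup(name="demo-package", version="0.1")
'''

if __name__ == "__main__":
    for line, finding in scan_setup_script(SAMPLE_SETUP):
        print(f"line {line}: {finding}")
```

Run it against a package's sdist (for example after `pip download --no-deps --no-binary :all: <name>`) rather than after installation, since setup.py executes during the install itself.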
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce HyperSOC, a new system built on its Hyperautomation Platform that uses artificial intelligence to automate, manage, and monitor security operations center (SOC) response, in a bid to bolster the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.
CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.