
Macs subjected to malicious packages in new attack campaign

MacOS devices have been targeted in a new campaign involving malicious NPM, PyPI, and RubyGems packages that aimed to exfiltrate user data, according to SecurityWeek. Phylum researchers discovered that the initial malicious NPM and PyPI packages were uploaded during the weekend, with both packages found to collect system and network data from macOS devices, which is later exfiltrated to attacker-controlled servers. Similar functionality has also been observed with the RubyGems package. Moreover, all packages were found to establish communications with a single IP address, indicating an association. "The author of these packages is staging a broad campaign against software developers. The end goal of this campaign remains unclear," said Phylum. All of the malicious PyPI packages have already been removed after the ecosystem was notified. The campaign follows a recent operation reported by Phylum that involved the use of malicious Crates.io packages in an effort to compromise Rust developers.
