API security, Supply chain

Top.gg, others targeted by software supply chain attack

Python website.

SiliconAngle reports that the Top.gg GitHub organization, which is commonly leveraged for Discord servers, and other GitHub developers have been compromised in a new software supply chain attack campaign that involved browser cookie exfiltration and malicious PyPi package publication.

After having various widely used GitHub projects linked to a dependency on fraudulent Python infrastructure to allow the release of malicious PyPi packages, attackers leveraged the typosquatted "files[.]pypihosted[.]org" domain to lure downloads of weaponized versions of Colorama and other popular packages, a Checkmarx report showed. Threat actors also proceeded to leverage space padding and other techniques to obfuscate the payload within the poisoned Colorama package before creating additional malicious GitHub repositories. Such an intrusion is indicative of threat actors' relentless efforts in bolstering supply chain attacks, according to Cequence Security Hacker in Residence Jason Kent. "This attack was sophisticated in nature and is looking to create havoc on systems that users are accessing daily... Be prepared, log out of your systems when you are done, don't store API Keys and make sure your authentication artifacts are as ephemeral as possible," said Kent.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.