BleepingComputer reports that a Counter-Strike 1.6 server has been subjected to distributed denial-of-service attacks facilitated by 12 malicious Python packages with names resembling popular packages, such as TensorFlow, ipaddress, and Gensim.
Checkmarx researchers discovered that the malicious PyPI packages, including TensorFolw, ipaddres, ipadress, Gesnim, Seabron, Kears, tqmd, mokc, lxlm, falsk, inda, and douctils, were uploaded by the user devfather777 and remain online despite being reported to the PyPI repository. Installing any of the malicious packages triggers a check of the host's operating system; if it is Windows, a test.exe payload is downloaded from GitHub. After installing itself, creating a Startup entry for persistence, and injecting an expired system-wide root certificate, the malware contacts a hardcoded URL to receive its configuration.
"This is the first time we see a malware (strain) in the software supply chain ecosystem using [domain generation algorithm] or, in this case, UGA to allocate a generated name for new instructions for the malicious campaign," said Checkmarx.
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, DoD alphabet soup, Sirius XM, Pixel Tracking, TSA, Single Sign-on rants, and more on the Security Weekly News!
Novel DuckLogs malware-as-a-service detailed

More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer.
BleepingComputer reports that Redis servers still unpatched against CVE-2022-0543 are being compromised with the novel Go-based Redigo malware, which is not yet detected by any of the antivirus engines on VirusTotal.