Python developers beware of fake Crytic-Compilers package on PyPI

June 6, 2024

Summary of Hackers Target Python Developers

TLDR:

  • A malicious Python package named crytic-compilers was discovered on PyPI, designed to deliver an information stealer called Lumma.
  • The fake package masqueraded as a legitimate library named crytic-compile, aiming to trick developers into downloading it.

Cybersecurity researchers found that the rogue package was downloaded 441 times before being removed from PyPI. The counterfeit package mirrored the version numbers of the real crytic-compile library to appear legitimate. However, it contained an information stealer called Lumma, which targeted Windows operating systems to fetch additional payloads. This discovery highlighted the growing trend of threat actors targeting Python developers and using open-source registries like PyPI for distributing malware.
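One defensive check for the lookalike-name technique described above, as an added example that is not from the original article or from the researchers: it audits a requirements file against a list of approved dependencies and flags names that are close to, but not the same as, an approved one. The allowlist, the similarity threshold and the sample file are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: the packages this project is supposed to depend on.
APPROVED = {"crytic-compile", "requests", "pyyaml"}

def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of -_. are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_names(text):
    """Yield (line_no, normalized name) for each requirement line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            yield no, normalize(m.group(0))

def audit(text, approved=APPROVED, threshold=0.85):
    """Return findings for names that are not approved.

    A name close to an approved one is reported as a suspected lookalike;
    the version pin is ignored on purpose, because the fake package
    mirrored the real library's version numbers.
    """
    approved = {normalize(a) for a in approved}
    findings = []
    for no, name in requirement_names(text):
        if name in approved:
            continue
        best = max(approved, key=lambda a: SequenceMatcher(None, name, a).ratio())
        score = SequenceMatcher(None, name, best).ratio()
        kind = "lookalike" if score >= threshold else "unapproved"
        findings.append((no, name, kind, best if kind == "lookalike" else None))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE = """\
requests==2.31.0
Crytic_Compile==0.3.7
crytic-compilers==0.3.7   # two extra letters on the approved name
leftpad==1.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run in CI before dependencies are installed, a check like this fails the build on the lookalike line even though its version pin matches the genuine library.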

In a separate incident, more than 300 WordPress sites were compromised with malicious Google Chrome update pop-ups that led to the deployment of information stealers and remote access trojans. Hackers gained access to site interfaces and used a legitimate WordPress plugin called Hustle to display the fake update pop-ups, evading detection by file scanners.

Both incidents underscore the importance of cybersecurity vigilance, especially for developers and website administrators who may be targeted by cybercriminals using sophisticated tactics to infiltrate systems and steal sensitive information.
