TLDR:
- Over 170,000 Python developers’ GitHub accounts hacked in a supply chain attack.
- Attack campaign used fake Python infrastructure to distribute malware.

Checkmarx Research has uncovered a sophisticated attack campaign that targeted the software supply chain, specifically focusing on Python developers. The attackers created fake Python infrastructure to distribute malware, impacting over 170,000 users. The campaign involved social engineering, account takeovers, and the distribution of malicious packages through popular platforms like GitHub and PyPI. The attackers targeted high-reputation GitHub accounts, including the Top.gg organization, to spread their malware and steal sensitive data. The malware included a keylogging component and targeted web browsers, Discord, cryptocurrency wallets, and Telegram. This attack highlights the vulnerabilities in the software supply chain and emphasizes the need for increased security measures and collaboration within the cybersecurity community.