PyPi package backdoors Macs using the Sliver pen-testing suite

May 13, 2024 at 05:58PM

A new malicious Python package, ‘requests-darwin-lite’, mimicked the popular ‘requests’ library on PyPI to target macOS devices. It delivered the Sliver C2 adversary framework, hiding the payload in a PNG image file with steganography; the steps recovered from the campaign culminate in executing the Sliver payload on the target. The package has since been removed, but the incident underlines how often Sliver now turns up in network breaches.

Key takeaways from the article:

– A new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, utilized for gaining initial access to corporate networks.
– Phylum discovered a campaign involving the use of steganography in a PNG image file to covertly install the Sliver payload on the target, with the malicious PyPI package subsequently being removed.
– Sliver is a cross-platform, open-source adversary emulation framework with features such as custom implant generation, command-and-control capabilities, post-exploitation tools and scripts, and rich attack-emulation options.
– Hackers are increasingly using Sliver as an alternative to the commercial pen-testing framework Cobalt Strike, which has become easier to detect and block.
– Throughout 2022 and 2023, Sliver was observed targeting macOS devices and being used in BYOVD (bring-your-own-vulnerable-driver) attacks and ransomware operations, with CISA and the FBI highlighting its common usage in network breaches.
– In the latest attack observed by Phylum, a malicious Python package for macOS named ‘requests-darwin-lite’ hid the Sliver binary inside a PNG image file using steganography. The package was removed after discovery.
– Researchers reported on a widespread malicious campaign called SteganoAmor that conceals malicious code inside images using steganography, with over 320 attacks targeting various sectors and countries.
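The article does not say how the Sliver binary was embedded in the PNG, so the following is an added, defender-side example rather than Phylum's analysis or any code from the campaign. It walks a PNG's chunk list and reports the two generic ways an image file can carry a foreign binary: bytes appended after the IEND chunk, and non-standard or corrupt chunks whose body begins with an executable header (Mach-O, ELF or PE). The sample image is constructed inline; the "payload" is only a Mach-O magic number followed by filler, not a real binary.

```python
import struct
import zlib

# PNG file signature and the chunk types defined by the PNG specification.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
STANDARD_CHUNKS = {
    "IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
    "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME",
    "eXIf",
}

# Executable file magics worth flagging when they appear inside image bytes.
# Mach-O magics are listed in both byte orders; 0xcafebabe is also the Java
# class-file magic, so that label is a hint rather than proof.
EXECUTABLE_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat)",
    b"\x7fELF": "ELF",
    b"MZ": "PE/MZ",
}


def identify_executable(blob):
    """Return a label if blob begins with a known executable magic, else None."""
    for magic, label in EXECUTABLE_MAGICS.items():
        if blob.startswith(magic):
            return label
    return None


def parse_png_chunks(data):
    """Walk the chunk list of a PNG.

    Returns (chunks, trailing): each chunk is a dict with its type, declared
    length, body, CRC status and a truncation flag; trailing is whatever
    follows the IEND chunk (a well-formed PNG has nothing there).
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_field = data[pos + 8 + length:pos + 12 + length]
        name = ctype.decode("latin-1")
        if len(body) < length or len(crc_field) < 4:
            chunks.append({"type": name, "length": length, "body": body,
                           "crc_ok": False, "truncated": True})
            return chunks, b""
        # The CRC covers the chunk type and body, not the length field.
        crc_ok = struct.unpack(">I", crc_field)[0] == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        chunks.append({"type": name, "length": length, "body": body,
                       "crc_ok": crc_ok, "truncated": False})
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, data[pos:]
    return chunks, b""


def inspect_png(data):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    findings = []
    chunks, trailing = parse_png_chunks(data)
    if not chunks or chunks[-1]["type"] != "IEND":
        findings.append("no IEND chunk: file is truncated or malformed")
    for chunk in chunks:
        if chunk["truncated"]:
            findings.append(f"chunk {chunk['type']}: truncated")
            continue
        if not chunk["crc_ok"]:
            findings.append(f"chunk {chunk['type']}: CRC mismatch")
        if chunk["type"] not in STANDARD_CHUNKS:
            findings.append(f"chunk {chunk['type']}: non-standard chunk type ({chunk['length']} bytes)")
        label = identify_executable(chunk["body"])
        if label:
            findings.append(f"chunk {chunk['type']}: body starts with {label} header")
    if trailing:
        findings.append(f"{len(trailing)} bytes appended after IEND")
        label = identify_executable(trailing)
        if label:
            findings.append(f"appended data starts with {label} header")
    return findings


def encode_chunk(ctype, body):
    """Encode one PNG chunk: length, type, body, CRC over type+body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def build_sample_png(appended=b""):
    """Constructed 1x1 RGB PNG for testing; `appended` is glued on after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return (PNG_SIGNATURE + encode_chunk(b"IHDR", ihdr) + encode_chunk(b"IDAT", idat)
            + encode_chunk(b"IEND", b"") + appended)


if __name__ == "__main__":
    clean = build_sample_png()
    # Constructed stand-in for a stashed binary: Mach-O 64-bit magic plus filler.
    stashed = build_sample_png(b"\xcf\xfa\xed\xfe" + b"\x00" * 64)
    print("clean:", inspect_png(clean) or "no findings")
    print("stashed:", inspect_png(stashed))
```

A clean image yields no findings; an image with data after IEND, a private chunk, or a chunk body that begins with an executable header is reported. The check is cheap enough to run over every image shipped inside a package before installation, and it complements rather than replaces a typosquat check on the package name itself.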

These points summarize the article: the key developments around the Sliver C2 adversary framework, and the broader landscape of attacks that rely on techniques such as steganography.
