Attacker targeting Python developers [Friday, November 17, 2023]

Description :
For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.

Published :
2023-11-17T14:26:10.383Z

Created :
2023-11-17T14:26:10.383Z

Modified :
2023-11-17T14:40:08.069Z

Tags

  • stealer
  • cryptocurrency
  • python
  • mimic legitimate package

Indicators

URLs :
Attack Patterns :
  • T1123
  • T1195
  • T1547
  • T1056
  • T1036
  • T1055
  • T1070
  • T1068
  • T1496
  • T1027
  • T1059
  • T1189
External References :

About the author
Julien B.

Securitricks
