Hackers have targeted GitHub users through a fake Python infrastructure, according to researchers at Checkmarx.
Bro, what??
Over 170,000 users affected through a hijacked GitHub account used to spread info stealer #malware!
This was a first-of-its-kind “mirror poisoning” attack where the attacker distributed a malicious #Python dependency hosted on a fake Python infrastructure by… pic.twitter.com/oi9pRArxQq
— Checkmarx Supply Chain Security (@Cx_SCS) March 25, 2024
The malware was disguised as the popular package "colorama" and served from attacker-controlled infrastructure that mimicked PyPI's package hosting. It reached the more than 170,000 members of the Top.gg community through the hijacked GitHub account of one of its members, which the attackers used to spread the malicious dependency.
The payload ran in multiple stages, each fetching and executing further code from a different external source.
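One way a defender can catch this vector before installation, as an added example that is not Checkmarx's or Top.gg's code: the script below parses a requirements.txt, pulls out every URL it references (index options such as -i/--index-url/--extra-index-url/--find-links, direct-URL requirements of the form pkg @ https://..., and bare archive URLs) and reports any host that is not an official PyPI host, flagging look-alike hostnames separately. The allowlist, the look-alike heuristic and the sample requirements file (whose hostnames are invented) are assumptions made for the example.

```python
"""Audit a requirements.txt for packages pulled from non-PyPI hosts.

Added example (not Checkmarx's or Top.gg's code). Every URL in the file is
extracted, whether it comes from an index option, a direct-URL requirement
or a bare archive URL, and its host is checked against an allowlist.
"""
import re
from urllib.parse import urlsplit

# Assumption: this project only expects installs from the official index.
ALLOWED_HOSTS = {"pypi.org", "files.pythonhosted.org"}
# Substrings that make an unlisted host look like an official one.
LOOKALIKE_TOKENS = ("pypi", "pythonhosted")

_URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://\S+")
_COMMENT_RE = re.compile(r"(^|\s)#.*$")


def hosts_in_line(line):
    """Return the lower-cased hostnames referenced by one requirements line."""
    line = _COMMENT_RE.sub("", line).strip()
    hosts = []
    for url in _URL_RE.findall(line):
        host = urlsplit(url).hostname  # urlsplit already lower-cases this
        if host:
            hosts.append(host)
    return hosts


def classify_host(host):
    """'ok' for official hosts, 'lookalike' for imitations, else 'unlisted'."""
    if host in ALLOWED_HOSTS:
        return "ok"
    if any(tok in host for tok in LOOKALIKE_TOKENS):
        return "lookalike"  # e.g. a typo-squat of files.pythonhosted.org
    return "unlisted"


def audit_requirements(text):
    """Return (line_no, host, verdict) for every host that is not allowlisted."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for host in hosts_in_line(line):
            verdict = classify_host(host)
            if verdict != "ok":
                findings.append((n, host, verdict))
    return findings


# Constructed sample file; the hostnames are invented for this example.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
--extra-index-url https://files.pypihosted.example/simple
colorama @ https://files.pypihosted.example/packages/colorama-0.4.6.tar.gz
discord.py>=2.3  # legitimate, resolved from the default index
somepkg @ git+https://github.com/example/somepkg.git@v1.0
-i https://pypi.org/simple
"""

if __name__ == "__main__":
    for line_no, host, verdict in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: {host} ({verdict})")
```

Run against the sample, the audit reports the two look-alike lines and the git host, and stays silent on the official index. A check like this belongs in CI on every change to a requirements file; pairing it with hash pinning (`pip install --require-hashes`) means a swapped index could not serve a different artefact even if the host check were bypassed.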
The malware aimed to steal data from browsers, Discord, Instagram, Telegram sessions, files, and cryptocurrency wallets. Additionally, a keylogger component allowed attackers to capture keystrokes to steal passwords, private messages, and financial data.
Earlier in March, researchers at Apiiro discovered 100,000 malicious repositories uploaded to GitHub to infect developers with an info stealer.
