New Malicious PyPI Packages used by Lazarus

JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository (Figure 1). The Python packages confirmed this time are as follows:

• pycryptoenv


• pycryptoconf


• quasarlib


• swapmempool

The package names pycryptoenv and pycryptoconf are similar to pycrypto, which is a Python package used for encryption algorithms in Python. Therefore, the attacker probably prepared the malware-containing malicious packages to target users' typos in installing Python packages.

This article provides details on these malicious Python packages.

algorithms encryption lazarus malicious malicious pypi packages malware analysis names official package packages pypi pypi packages python python package python packages repository