New Malicious PyPI Packages used by Lazarus
Malware Analysis, News and Indicators - Latest topics malware.news
JPCERT/CC has confirmed that Lazarus has released malicious Python packages to PyPI, the official Python package repository (Figure 1). The Python packages confirmed this time are as follows:
- pycryptoenv
- pycryptoconf
- quasarlib
- swapmempool
The package names pycryptoenv and pycryptoconf resemble pycrypto, a Python package for encryption algorithms. The attacker therefore probably prepared these malware-containing packages to catch users who mistype a package name when installing Python packages.
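A dependency check built on the names above, as an added example that is not part of the original article or of JPCERT/CC's analysis: it normalizes requirement names the way PyPI does (PEP 503), flags the four reported packages, and marks names that extend an intended dependency such as pycrypto for manual review. The `INTENDED` allowlist, the sample requirements file and the name `pycryptoexample` are assumptions constructed for illustration.

```python
import re

# Package names reported on this page (JPCERT/CC).
REPORTED = {"pycryptoenv", "pycryptoconf", "quasarlib", "swapmempool"}
# Assumption: the names your project really intends to install (hypothetical allowlist).
INTENDED = {"pycrypto", "pycryptodome", "requests"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

REPORTED_N = {normalize(n) for n in REPORTED}
INTENDED_N = {normalize(n) for n in INTENDED}

def requirement_name(line):
    """Return the normalized project name from one requirements line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):      # blank, comment, or pip option (-r, -e, ...)
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)  # stops at extras, specifiers, markers
    return normalize(m.group(0)) if m else None

def audit(text):
    """Return (line_no, name, verdict) for each requirement that needs attention."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        name = requirement_name(line)
        if name is None or name in INTENDED_N:
            continue
        if name in REPORTED_N:
            findings.append((no, name, "reported-malicious"))
        elif any(name.startswith(ok) for ok in INTENDED_N):
            # Same shape as pycryptoenv/pycryptoconf: an intended name plus a suffix.
            findings.append((no, name, "lookalike-review"))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
requests>=2.31
PyCryptoEnv
pycryptodome[extra]; python_version >= "3.8"
-r other.txt
quasarlib
pycryptoexample
"""

if __name__ == "__main__":
    for no, name, verdict in audit(SAMPLE):
        print(f"line {no}: {name}: {verdict}")
```

The prefix rule is only a review heuristic: pycryptodome also begins with pycrypto and passes here solely because it is on the allowlist.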
This article provides details on these malicious Python packages.
Figure …