Evidence Leads to Lazarus as the VMConnect Supply Chain Attack Continues
Recently, Sonatype and ReversingLabs analyzed the fraudulent PyPI package 'VMConnect', built to closely imitate the legitimate VMware vSphere connector module 'vConnector' while actually containing malicious code.
Background:
ReversingLabs researchers discovered 24 malicious packages imitating three well-known open source Python tools: vConnector, a wrapper module for the pyVmomi VMware vSphere bindings; eth-tester, a set of tools for testing Ethereum-based applications; and databases, a tool that provides async support for a number of databases.
According to the research team's observations, the campaign started on or about July 28, 2023, when the first of the malicious packages was published. New malicious PyPI packages are still being published every day as older ones are found and taken down.
Analysis of the campaign:
The VMConnect campaign is the most recent instance of malware spreading through open source modules, providing additional evidence that security checks of open source code repositories may not …
IoC
SHA1 file hashes:
049cc8d88a086c8fc69b51d76b6c0c4c2a66fa08
0b7b4444f820e9990dfeb5e2080321b5f25a9785
0dc723e77a5b97183a90eaecb62c9b7341e483ed
0eb79e80c51c0e14be3620dfb237f7b53160a292
146942c5dbaba55be174b1bfb127410e332caa03
19684554e4905bb3cf354a5d5a0f00d696f38926
2c72edf29d5bca22525d612c94f1ee323c47be0c
2ff1b3aa2dbff6d87447b250a8d19241e7853ab0
321363f11464208ee24e56a700ad5d26154df4bd
39e9859f0cf85a0c8361e042e8316d4e185d1cfb
497df2fd2dba324be04cc57f50a3170b532aa70c
5e026885bcf4b67993aefa4e992153f6d81c11da
5f03b73d56528ecbc3f24b8e7daec6b3d3370834
658605988c7afd9adf437fb64ff682cb4190f144
664f0913a5952eeb77373f83e090fab7e94aa45e
67226da423ab4a2c97b2d008dec45280aaa5fdf5
6bf76b01bd17f370cd3f9947135bf250597d1ac1
859f5b0af717fca9f890dcba0b87ac63be469033
89c05ecd388c5f168704c5a8e1d37f72a7f0f0f4
9588affaf9d85e2141b9d76b914d9f89a8292574
9a276ca3678898f5596166416f7e709a2064e95c
9b8eefa1d7ee348c2b1b4c350028df5c2707c3d8
a1b039f88c385f5c5eec2ef1701251c7341b1fcd
aeeb445216a205abd770546dfa8d03f8b94515a1
b0095f149951241c6e11e0d1be1f74e8cdfbdbb2
b1880340818a1feda156abd272255bcc018f8bef
b1f2d50be0aca0672475488d77c6f71a1b0633f8
bbb1e2ac1d243b8db922a23821de570702140145
bc2d48d6d9eeaf0b29625683942e90dfd2b75723
bd7ba47f730c2bc33afa67a39d9cbe3768f62426
d404a55f1f7fbcd8b3156a84ebcf97c57ba24b95
dbc14c3ac0528a8aeb6edba8a0b2792dab131102
de4e9efeace6ff76dc00a166dca152dc3021d799
e063b210b50ca1426da45afa430d87c53b2ef5d2
e3545b2c53c2cb8f012f0badc1bf452badfee341
e531121b137182453f0d120be860ad882d2dc0a7
e6494b9a91862191556d77022e5577ddbe749ef4
fdea182ffe7c04c28f28f88ceb9624732bb36bdc
IP addresses:
45.61.136.133
45.61.139.219
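The IoC list above is directly usable for a host and log sweep. The following is an added example (not code from the article, Sonatype or ReversingLabs) that classifies the pasted IoC text into SHA1 hashes and IPv4 addresses, hashes every regular file under a directory (for instance a virtualenv's site-packages or the pip cache) against the hash set, and flags log lines whose IPv4 addresses match the listed ones. The scan root and the firewall-style log lines in SAMPLE_LOG are constructed for illustration; the indicators themselves are copied from the list above.

```python
"""Sweep files and firewall log lines for the VMConnect IoCs listed above.

Added example, not the article's or ReversingLabs' code. IOC_TEXT copies the
article's IoC list (two indicators per line); SAMPLE_LOG and the scan root
are constructed for illustration.
"""
import hashlib
import os
import re
from pathlib import Path

IOC_TEXT = """
049cc8d88a086c8fc69b51d76b6c0c4c2a66fa08 0b7b4444f820e9990dfeb5e2080321b5f25a9785
0dc723e77a5b97183a90eaecb62c9b7341e483ed 0eb79e80c51c0e14be3620dfb237f7b53160a292
146942c5dbaba55be174b1bfb127410e332caa03 19684554e4905bb3cf354a5d5a0f00d696f38926
2c72edf29d5bca22525d612c94f1ee323c47be0c 2ff1b3aa2dbff6d87447b250a8d19241e7853ab0
321363f11464208ee24e56a700ad5d26154df4bd 39e9859f0cf85a0c8361e042e8316d4e185d1cfb
497df2fd2dba324be04cc57f50a3170b532aa70c 5e026885bcf4b67993aefa4e992153f6d81c11da
5f03b73d56528ecbc3f24b8e7daec6b3d3370834 658605988c7afd9adf437fb64ff682cb4190f144
664f0913a5952eeb77373f83e090fab7e94aa45e 67226da423ab4a2c97b2d008dec45280aaa5fdf5
6bf76b01bd17f370cd3f9947135bf250597d1ac1 859f5b0af717fca9f890dcba0b87ac63be469033
89c05ecd388c5f168704c5a8e1d37f72a7f0f0f4 9588affaf9d85e2141b9d76b914d9f89a8292574
9a276ca3678898f5596166416f7e709a2064e95c 9b8eefa1d7ee348c2b1b4c350028df5c2707c3d8
a1b039f88c385f5c5eec2ef1701251c7341b1fcd aeeb445216a205abd770546dfa8d03f8b94515a1
b0095f149951241c6e11e0d1be1f74e8cdfbdbb2 b1880340818a1feda156abd272255bcc018f8bef
b1f2d50be0aca0672475488d77c6f71a1b0633f8 bbb1e2ac1d243b8db922a23821de570702140145
bc2d48d6d9eeaf0b29625683942e90dfd2b75723 bd7ba47f730c2bc33afa67a39d9cbe3768f62426
d404a55f1f7fbcd8b3156a84ebcf97c57ba24b95 dbc14c3ac0528a8aeb6edba8a0b2792dab131102
de4e9efeace6ff76dc00a166dca152dc3021d799 e063b210b50ca1426da45afa430d87c53b2ef5d2
e3545b2c53c2cb8f012f0badc1bf452badfee341 e531121b137182453f0d120be860ad882d2dc0a7
e6494b9a91862191556d77022e5577ddbe749ef4 fdea182ffe7c04c28f28f88ceb9624732bb36bdc
45.61.136.133 45.61.139.219
"""

SHA1_RE = re.compile(r"[0-9a-f]{40}")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def load_iocs(text):
    """Classify whitespace-separated IoC tokens into (sha1_set, ipv4_set)."""
    sha1s, ips = set(), set()
    for tok in text.lower().split():
        if SHA1_RE.fullmatch(tok):
            sha1s.add(tok)
        elif IPV4_RE.fullmatch(tok):
            ips.add(tok)
    return sha1s, ips


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so large wheels or sdists are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_tree(root, sha1_iocs):
    """Return {path: sha1} for regular files under root whose SHA1 is an IoC."""
    hits = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            # Skip symlinks so a planted link cannot redirect the sweep outside root.
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha1_of_file(p)
            except OSError:
                continue  # unreadable file: log it in real use, but keep sweeping
            if digest in sha1_iocs:
                hits[str(p)] = digest
    return hits


def scan_log(lines, ip_iocs):
    """Return (line_no, ip) for every IPv4 in the lines that is an IoC address."""
    in_text = re.compile(r"\b" + IPV4_RE.pattern + r"\b")
    return [(n, ip) for n, line in enumerate(lines, start=1)
            for ip in in_text.findall(line) if ip in ip_iocs]


# Constructed firewall lines; the destinations in lines 1 and 3 are listed IoCs.
SAMPLE_LOG = [
    "2023-08-02T10:14:03Z allow 10.0.0.12:49152 -> 45.61.136.133:443 tcp",
    "2023-08-02T10:14:09Z allow 10.0.0.12:49153 -> 151.101.1.63:443 tcp",
    "2023-08-02T10:15:44Z allow 10.0.0.12:49160 -> 45.61.139.219:80 tcp",
]

if __name__ == "__main__":
    import sys
    sha1s, ips = load_iocs(IOC_TEXT)
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # e.g. a venv's site-packages
    for path, digest in sweep_tree(root, sha1s).items():
        print(f"HIT file {path} sha1={digest}")
    for n, ip in scan_log(SAMPLE_LOG, ips):
        print(f"HIT log line {n} -> {ip}")
```

Run it as `python sweep.py /path/to/venv/lib/python3.x/site-packages` (or against `~/.cache/pip`); the file hashes match the malicious distribution contents only while the package is on disk, so the IP matches in proxy or firewall logs are the more durable signal once a package has been removed. Keep the IoC text in one place and re-run the sweep as the campaign's indicator list grows.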