VMConnect: Malicious PyPI packages imitate popular open source modules
Contents
ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating three, popular open source Python tools: vConnector, a wrapper module for pyVmomi VMware vSphere bindings; as well as eth-tester, a collection of tools for testing ethereum based applications; and databases, a tool that gives asyncro support for a range of databases.
Based on the research team's observations, the campaign began on or around July 28, 2023, when the first of the malicious packages were published. It continues to the current day, with new, malicious PyPI packages posted on a daily basis, as prior packages are detected and removed.
In contrast to other, recent supply chain campaigns, such as Operation Brainleeches, the malicious packages that make up this campaign display evidence of a concerted effort to deceive developers. They achieve this by implementing the entire functionality of the …
Based on the research team's observations, the campaign began on or around July 28, 2023, when the first of the malicious packages were published. It continues to the current day, with new, malicious PyPI packages posted on a daily basis, as prior packages are detected and removed.
In contrast to other, recent supply chain campaigns, such as Operation Brainleeches, the malicious packages that make up this campaign display evidence of a concerted effort to deceive developers. They achieve this by implementing the entire functionality of the …
IoC
0b7b4444f820e9990dfeb5e2080321b5f25a9785
0dc723e77a5b97183a90eaecb62c9b7341e483ed
0eb79e80c51c0e14be3620dfb237f7b53160a292
146942c5dbaba55be174b1bfb127410e332caa03
19684554e4905bb3cf354a5d5a0f00d696f38926
2ff1b3aa2dbff6d87447b250a8d19241e7853ab0
45.61.139.219
497df2fd2dba324be04cc57f50a3170b532aa70c
5f03b73d56528ecbc3f24b8e7daec6b3d3370834
658605988c7afd9adf437fb64ff682cb4190f144
664f0913a5952eeb77373f83e090fab7e94aa45e
67226da423ab4a2c97b2d008dec45280aaa5fdf5
6bf76b01bd17f370cd3f9947135bf250597d1ac1
9588affaf9d85e2141b9d76b914d9f89a8292574
9a276ca3678898f5596166416f7e709a2064e95c
a1b039f88c385f5c5eec2ef1701251c7341b1fcd
b0095f149951241c6e11e0d1be1f74e8cdfbdbb2
b1f2d50be0aca0672475488d77c6f71a1b0633f8
bc2d48d6d9eeaf0b29625683942e90dfd2b75723
bd7ba47f730c2bc33afa67a39d9cbe3768f62426
d404a55f1f7fbcd8b3156a84ebcf97c57ba24b95
dbc14c3ac0528a8aeb6edba8a0b2792dab131102
de4e9efeace6ff76dc00a166dca152dc3021d799
e531121b137182453f0d120be860ad882d2dc0a7
e6494b9a91862191556d77022e5577ddbe749ef4
0dc723e77a5b97183a90eaecb62c9b7341e483ed
0eb79e80c51c0e14be3620dfb237f7b53160a292
146942c5dbaba55be174b1bfb127410e332caa03
19684554e4905bb3cf354a5d5a0f00d696f38926
2ff1b3aa2dbff6d87447b250a8d19241e7853ab0
45.61.139.219
497df2fd2dba324be04cc57f50a3170b532aa70c
5f03b73d56528ecbc3f24b8e7daec6b3d3370834
658605988c7afd9adf437fb64ff682cb4190f144
664f0913a5952eeb77373f83e090fab7e94aa45e
67226da423ab4a2c97b2d008dec45280aaa5fdf5
6bf76b01bd17f370cd3f9947135bf250597d1ac1
9588affaf9d85e2141b9d76b914d9f89a8292574
9a276ca3678898f5596166416f7e709a2064e95c
a1b039f88c385f5c5eec2ef1701251c7341b1fcd
b0095f149951241c6e11e0d1be1f74e8cdfbdbb2
b1f2d50be0aca0672475488d77c6f71a1b0633f8
bc2d48d6d9eeaf0b29625683942e90dfd2b75723
bd7ba47f730c2bc33afa67a39d9cbe3768f62426
d404a55f1f7fbcd8b3156a84ebcf97c57ba24b95
dbc14c3ac0528a8aeb6edba8a0b2792dab131102
de4e9efeace6ff76dc00a166dca152dc3021d799
e531121b137182453f0d120be860ad882d2dc0a7
e6494b9a91862191556d77022e5577ddbe749ef4