“SHARPEXT” - Gmail-reading malicious extension
“Are you on Gmail or on Office 365?” is a natural question, just like the Apple or Android question. Given the ubiquity of Gmail, it is scary to see malware that is able to read all your mail.
The SharpTongue group from North Korea is believed to have released a malicious browser extension that can read your Gmail as you browse. On a compromised machine where this extension is installed, it can read all Gmail messages in the specified browsers.
Take Action:
In the article there are certain YARA rules and IOCs that you can use to mitigate this threat.
pip install malicious code
Software supply chain risks
This attack vector is growing by leaps and bounds. We often come across malicious libraries tastefully dangled for gullible programmers to, well, pip install!
This list of 10 libraries was recently removed from PyPI (the Python Package Index). For those of us who are not very familiar with PyPI, it is a library of Python utilities built to do tasks so that you do not have to write the code manually. For example, one of the malicious libraries is titled “free-net-vpn”. To a developer on a timeline, this seems an easy way to implement a VPN quickly. They download the library using the command:
pip install free-net-vpn
and the malicious library gets inserted in the environment, ready to be used in code.
Take Action:
We’ve mentioned this often. A Software Bill of Materials (SBOM) is essential. It’s a task, but everyone will be much wiser and safer for it.
Read this LongReads about open source security and SBOM for more clarity.
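As a small illustration of the inventory idea (an added example, not code from the article or from any SBOM tool): the Python script below lists what is installed in the current environment and checks both that inventory and a requirements file against a denylist. The denylist holds only the one package name mentioned above, the sample requirements file is constructed, and the function names are hypothetical. Names are normalized per PEP 503 because pip treats "Free_Net.VPN" and "free-net-vpn" as the same project, so a plain string comparison would miss it.

```python
import re
from importlib import metadata

# Constructed denylist; "free-net-vpn" is the only name taken from the text above.
DENYLIST = {"free-net-vpn"}

SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
requests>=2.31
Free_Net.VPN==1.0   # pip resolves this to the same project as free-net-vpn
-r other.txt
free-net-vpn
"""

_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")

def normalize(name):
    """PEP 503: runs of '-', '_' and '.' are equivalent and case is ignored."""
    return re.sub(r"[-_.]+", "-", name).lower()

def flag_requirements(text, denylist=DENYLIST):
    """Return (line number, normalized name) for each denylisted requirement."""
    deny = {normalize(n) for n in denylist}
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # blank, comment, or pip option
            continue
        m = _NAME.match(line)
        if m and normalize(m.group(0)) in deny:
            hits.append((no, normalize(m.group(0))))
    return hits

def installed_inventory():
    """Minimal inventory of this environment: sorted (name, version) pairs."""
    found = ((d.metadata.get("Name"), d.version) for d in metadata.distributions())
    return sorted({(normalize(n), v) for n, v in found if n and v})

def flag_installed(inventory, denylist=DENYLIST):
    """Return the inventory entries whose name is on the denylist."""
    deny = {normalize(n) for n in denylist}
    return [(n, v) for n, v in inventory if n in deny]

if __name__ == "__main__":
    print("requirements hits:", flag_requirements(SAMPLE_REQUIREMENTS))
    print("installed hits:", flag_installed(installed_inventory()))
```

The inventory here is a bare name and version listing, not a standard SBOM format; a real SBOM also records hashes, licences and transitive relationships.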