PULSE NAME
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
WHITE Enterprise Strategy dekaRituraj 2024-02-20 Modified: 2024-02-20
17 IOCs
MEDIUM VOLUME
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that used a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttper, were downloaded 537 and 166 times, respectively, before they were taken down.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike
Indicators of Compromise (1 / 17 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | e3214c81339540a3804fca656f5aea7d | | 2024-02-20