Cryptominers Snuck Logic Bomb Into Python Packages


Malware can show up where you least expect it. Researchers discovered a logic bomb attack in the Python Package Index (PyPI), the public code repository for Python developers and therefore a link in the software supply chain. The attackers aimed to get honest software developers to pull the bombs into their own applications by accident.


The researchers found six malicious packages, all uploaded by a single user. The attacker designed the payloads to run during a package's installation, before any developer had used, read or tested the code. Collectively, these packages were downloaded around 5,000 times. Some of them were typosquats: names chosen to look like those of legitimate, popular packages so that a mistyped install command would fetch the malicious one instead. Their purpose was to hijack developer systems for cryptomining.
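Two checks that follow directly from the paragraph above, as an added example that is not part of the original article: a typosquat screen that flags requested package names lying within a small edit distance of well-known names, and a static scan of a setup.py for constructs that execute code during pip install (a custom install command class, or calls into subprocess, os or base64 at module level). The allowlist of package names and the sample setup.py are constructed for illustration; the sample imitates the general install-hook pattern and is not the payload from the PyPI incident.

```python
"""Added example: pre-install checks for a Python dependency.

1. typosquat_candidates(): requested names that are near, but not equal to,
   a known package name (constructed allowlist below).
2. install_time_risks(): static scan of setup.py source for code that would
   run on the developer's machine during `pip install`.
"""
import ast
from typing import Dict, List

# Constructed allowlist; a real deployment would use the project's own
# approved dependency list.
KNOWN_PACKAGES = ["requests", "urllib3", "numpy", "setuptools", "matplotlib"]


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(requested: List[str], known=KNOWN_PACKAGES,
                         max_dist: int = 2) -> Dict[str, str]:
    """Map each suspicious requested name to the known name it resembles."""
    hits = {}
    for name in requested:
        norm = name.lower().replace("_", "-")
        if norm in known:
            continue  # exact match: not a typosquat of anything in the list
        for k in known:
            if levenshtein(norm, k) <= max_dist:
                hits[name] = k
                break
    return hits


# Modules whose use at setup.py import/install time deserves a human look,
# and builtins that execute arbitrary code.
RISKY_MODULES = {"subprocess", "os", "base64", "urllib", "socket", "ctypes"}
RISKY_BUILTINS = {"exec", "eval", "__import__"}
# setuptools commands that pip runs automatically when installing a source dist.
SETUP_COMMANDS = {"install", "develop", "egg_info", "build_py"}


def install_time_risks(setup_py: str) -> List[str]:
    """Return human-readable findings for a setup.py source string."""
    findings = []
    for node in ast.walk(ast.parse(setup_py)):
        # cmdclass={"install": X} hands setuptools a class whose run() executes
        # during `pip install`, with the installing user's privileges.
        if (isinstance(node, ast.keyword) and node.arg == "cmdclass"
                and isinstance(node.value, ast.Dict)):
            for key in node.value.keys:
                if isinstance(key, ast.Constant) and key.value in SETUP_COMMANDS:
                    findings.append(f"cmdclass overrides '{key.value}' command")
        if isinstance(node, ast.Call):
            fn = node.func
            line = getattr(node, "lineno", "?")
            if (isinstance(fn, ast.Attribute) and isinstance(fn.value, ast.Name)
                    and fn.value.id in RISKY_MODULES):
                findings.append(f"{fn.value.id}.{fn.attr}() call at line {line}")
            elif isinstance(fn, ast.Name) and fn.id in RISKY_BUILTINS:
                findings.append(f"{fn.id}() call at line {line}")
    return findings


# Constructed sample in the shape of a post-install hook; PAYLOAD is a
# placeholder and this text is only parsed, never executed.
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import base64, subprocess

class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.Popen(["sh", "-c", base64.b64decode(PAYLOAD)])

setup(name="reqeusts", version="2.0", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    print(typosquat_candidates(["reqeusts", "numpy", "urlib3"]))
    for finding in install_time_risks(SAMPLE_SETUP_PY):
        print(finding)
```

The edit-distance screen is a heuristic and will produce false positives for genuinely similar names, so treat a hit as a prompt to confirm the package's author and source, not as a verdict. The AST scan only covers source distributions with a setup.py; wheels do not run setup.py on install, and pip can be told to prefer them with `--only-binary=:all:`, which removes this execution path altogether.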


The PyPI incident is notable because it combines three different kinds of attack: logic bombs, cryptojacking and software supply chain compromise.


It serves as a reminder to all businesses and agencies to guard against all three kinds of attacks. 


The threat posed by logic bombs of this kind, and by supply chain malware in general, calls for an industry-wide response from developers, package repositories and the wider community of security tools and specialists. But that is a longer-term effort. In the short term, you need to protect your own organization from this brand of attack.


Defusing a Logic Bomb


A logic bomb is also called a code bomb, cyber bomb or slag code. It is a set of instructions that executes only when certain conditions are met, usually with malicious intent.


One challenge with logic bomb attacks is that they do nothing at first. You cannot find them by hunting for strange behavior while they are dormant. Another ..