Krystal Norris


17/02/2025

Phylum uncovers targeted malware disguised in Python package
Phylum’s cybersecurity experts have detected a malicious payload embedded within a popular Python package on the PyPI repository. The package, named requests-darwin-lite, is an unauthorised variant of the widely-used requests library.

The requests-darwin-lite package was cleverly designed to emulate its legitimate counterpart but included a Go binary concealed within an oversized image file pretending to be a simple logo. This file – a PNG labelled as a sidebar image – unusually weighed around 17MB, a stark contrast to the normal size of approximately 300kB for the genuine version.

During the installation of the package, a specialised command class ‘PyInstall’ was triggered if the installation environment was macOS. This class executed a base64-encoded command that extracted the system’s UUID (Universally Unique Identifier).

The code checked for a specific UUID—indicating a highly targeted attack. If the UUID did not match, the installation continued without deploying the malware. This suggests the attackers were testing their deployment or had a very specific target in mind.

When the conditions were met, the oversized PNG file was processed to extract the hidden binary—which was then made executable and run in the background, effectively giving the attackers control of the machine. File analysis identified the binary as a component of OSX/Sliver, a C2 (command and control) framework similar to Cobalt Strike but lesser-known and thus less likely to be detected.

Phylum noted that earlier versions of this package included the malicious installation hook and the packed binary. However, subsequent versions – identified as 2.28.0 and 2.28.1 – had dialled back on these aggressive features; the former no longer executed the binary upon installation, and the latter lacked the malicious components altogether.

The discovery prompted an immediate report to PyPI, leading to the removal of all versions of the package from the repository. This sequence of events underscores the need for vigilance in the open-source community where dependency confusion and targeted attacks are becoming increasingly sophisticated.

17/02/2025

Sonatype exposes malicious PyPI package ‘pytoileur’
Sonatype has exposed ‘pytoileur’, a malicious PyPI package designed to download and install trojanised Windows binaries capable of surveillance, commandeering persistence, and stealing cryptocurrency. This discovery is part of a broader, months-long “Cool package” campaign aimed at infiltrating the coding community.

Yesterday, an automated malware detection system operated by Sonatype, known as the Sonatype Repository Firewall, flagged a newly published PyPI package called “pytoileur.” The malicious package, tracked as sonatype-2024-1783, had registered 264 downloads since its release before Sonatype alerted PyPI administrators to remove it.

The package described itself as a “Cool package.” with an HTML description claiming it to be “an API Management tool written in Python.” Intriguingly, it included a reference to “pystob,” a now-defunct package, indicating an attempt at typosquatting to deceive users of legitimate packages like “Pyston.”

Concealed malware
At first glance, the “setup.py” file within “pytoileur” seemed clean, but Sonatype security researcher Jeff Thornhill uncovered malicious code hidden behind a long run of whitespace.

“While the base64 encoding is pretty standard in applications and doesn’t offer much in terms of masquerading malicious code, the author had attempted to ‘hide’ this particular encoded string from manual human review by injecting it after a print statement, and then including a paragraph’s length of whitespace prior to the code,” Thornhill explained.
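A reviewer-side check for the layout Thornhill describes, as an added example that is not Sonatype's code or taken from the package: it flags source lines where code resumes after a long run of whitespace and decodes any base64 literals found in the hidden part. The 40-character threshold, the function names and the sample file are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample: a harmless-looking print, 300 spaces, then a trailing
# statement carrying a base64 literal. The payload is a benign marker string.
PAYLOAD_BYTES = b"constructed benign payload, not real malware"
PAYLOAD = base64.b64encode(PAYLOAD_BYTES).decode()
SAMPLE_SETUP_PY = (
    "from setuptools import setup\n"
    "print('installing')" + " " * 300
    + f";import base64;blob=base64.b64decode('{PAYLOAD}')\n"
    "setup(name='example', version='0.0.1')\n"
)

# Quoted literal made only of base64 alphabet characters, 24 or more long.
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{24,}={0,2})['\"]")


def decode_candidates(text):
    """Return the bytes of every quoted literal that is valid base64."""
    decoded = []
    for match in B64_LITERAL.finditer(text):
        try:
            decoded.append(base64.b64decode(match.group(1), validate=True))
        except (binascii.Error, ValueError):
            continue  # looked like base64 but is not; ignore it
    return decoded


def scan_source(source, min_gap=40):
    """Flag lines where code resumes after >= min_gap spaces or tabs.

    Leading indentation is not counted: the gap must follow visible code.
    """
    gap_re = re.compile(r"\S([ \t]{%d,})(\S.*)$" % min_gap)
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = gap_re.search(line)
        if match:
            hidden = match.group(2)
            findings.append({
                "line": lineno,
                "column": match.start(2) + 1,  # 1-based column of hidden code
                "gap": len(match.group(1)),
                "hidden": hidden,
                "decoded": decode_candidates(hidden),
            })
    return findings
```

This is a heuristic: a string literal padded with spaces will also trip it, so treat a hit as a prompt to read the full line with word wrap enabled rather than as a verdict.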

17/02/2025

SlashData: Rust sees fastest growth, JavaScript still dominates
According to SlashData’s findings, the JavaScript community grew by an impressive four million users in the past 12 months, solidifying its status as the most widely-used programming language globally.

Here is a breakdown of the size of various programming language communities:

JavaScript: 25.2 million developers
Python: 18.2 million developers
Java: 17.7 million developers
C++: 11.6 million developers
C#: 10.2 million developers
PHP: 9.8 million developers
C: 6.5 million developers
Kotlin: 5.6 million developers
Go: 4.7 million developers
Swift: 4.6 million developers
Rust: 4 million developers
Dart: 2.9 million developers
Objective-C: 2.7 million developers
Ruby: 2.5 million developers
Lua: 1.8 million developers
