Thu. Aug 28th, 2025

PyPI phishing campaign: threat actor JuiceLedger pivots from fake apps to supply chain attacks

SentinelLabs, in collaboration with Checkmarx, has been tracking the activity and evolution of a threat actor dubbed “JuiceLedger”. In early 2022, JuiceLedger began running relatively low-key campaigns, spreading fraudulent Python installer applications with ‘JuiceStealer’, a .NET application designed to steal sensitive data from victims’ browsers.

In August 2022, the threat actor engaged in poisoning open-source packages as a way to target a wider audience with the infostealer through a supply chain attack, raising the threat level posed by this group considerably. JuiceLedger operators have actively targeted PyPI package contributors in a phishing campaign, successfully poisoning at least two legitimate packages with malware. Several hundred more malicious packages are known to have been typosquatted.

Key findings include:

  • JuiceLedger has rapidly evolved its attack chain from fraudulent applications to supply chain attacks in a little over 6 months
  • In August, JuiceLedger conducted a phishing campaign against PyPI contributors and successfully compromised a number of legitimate packages
  • Hundreds of typosquatting packages delivering JuiceStealer malware have been identified
  • At least two packages with combined downloads of almost 700,000 were compromised
  • PyPI says that known malicious packages and typosquats have now been removed or taken down
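The typosquatting finding above is the one a defender can check for directly. The following is an added example, not code from the SentinelLabs/Checkmarx report or from PyPI: it parses a requirements file, normalises package names the way PyPI does (PEP 503), and flags any dependency that is not on a trusted list but sits within a small edit distance of a trusted name. The trusted list and the requirements text are constructed for illustration; the `reqeusts` and `colourama` entries are made-up look-alikes, not identifiers from the campaign.

```python
"""Flag dependency names that look like typosquats of trusted packages.

Added example for illustration; not code from the report being summarised.
The trusted-package list and the requirements text are constructed.
"""
from __future__ import annotations

import re

# Constructed allowlist of package names the organisation actually uses.
TRUSTED = ["requests", "numpy", "colorama", "Django", "urllib3", "pillow"]

# Constructed requirements file; two entries are deliberate look-alikes.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
reqeusts>=1.0          # constructed look-alike of requests
numpy
colorama
colourama              # constructed look-alike of colorama
Django~=4.2
totally-unrelated-pkg  # not close to anything trusted
-r extra.txt           # option lines are skipped
"""

_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lowercase, runs of - _ . become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list[str]:
    """Return the bare package names from a pip requirements file."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        m = _REQ_NAME.match(line)              # name stops at ==, >=, [, etc.
        if m:
            names.append(m.group(1))
    return names


def find_typosquat_candidates(text: str, trusted: list[str],
                              max_distance: int = 2) -> list[tuple[str, str, int]]:
    """List (requested, nearest_trusted, distance) for suspicious names.

    Exact matches against the trusted list are accepted; everything else is
    compared to every trusted name and reported if it is within max_distance.
    """
    trusted_norm = {normalize(t) for t in trusted}
    findings = []
    for raw in parse_requirements(text):
        name = normalize(raw)
        if name in trusted_norm:
            continue
        nearest, dist = min(((t, levenshtein(name, t)) for t in trusted_norm),
                            key=lambda pair: pair[1])
        if dist <= max_distance:
            findings.append((raw, nearest, dist))
    return findings


if __name__ == "__main__":
    for raw, nearest, dist in find_typosquat_candidates(SAMPLE_REQUIREMENTS, TRUSTED):
        print(f"suspicious: {raw!r} is {dist} edit(s) from trusted {nearest!r}")
```

A fixed distance of 2 is generous for very short names (a two-character name is within distance 2 of almost anything), so in practice scale the threshold with name length or require a minimum length before comparing. The check is a pre-install gate, not a substitute for pinning hashes: a look-alike name that passes the distance test, or a legitimate package whose maintainer account was phished, will only be caught by hash pinning and by reviewing what a new release actually contains.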

