Backdoor implant discovered on PyPI posing as debugging utility

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A sophisticated malicious package named 'dbgpkg' was detected on PyPI, masquerading as a Python debugging utility. The package implants a backdoor on systems, enabling execution of malicious code and data exfiltration. It uses function wrapping techniques to evade detection and is believed to be part of a larger campaign possibly linked to a hacktivist group known as Phoenix Hyena. The campaign also includes other packages like 'discordpydebug' and 'requestsdev'. The attackers' motivation appears to be geopolitical, potentially related to the Russia-Ukraine conflict. The use of specific backdooring techniques and tools like Global Socket Toolkit indicates a high level of sophistication and an intent to establish long-term presence on compromised systems.

OPENCTI LABELS:

backdoor,russia,ukraine,pypi,supply chain attack,hacktivist,dbgpkg,function wrapping,global socket toolkit,requestsdev,discordpydebug
