A malicious campaign targeting MacOS, Linux, and Windows systems has been attributed to the North Korean threat group Lazarus. Cybersecurity researchers at ReversingLabs made the disclosure after tracking VMConnect for about a month.
ReversingLabs first spotted the VMConnect campaign in early August. Cybersecurity researcher and blogger Karlo Zanki described it as consisting of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository.
After keeping beady eyes on PyPI for a few weeks, ReversingLabs reckons it has detected three more packages — tableditor, request-plus, and requestspro — that belong to the VMConnect family.
Leave a reply