Open Source Software Are Targeted By A Ransomware Campaign With A Carefully Disguised Payload
December 13, 2022 – Published on Open Source For U
According to recent research by Checkmarx and Phylum, an ongoing ransomware campaign targets well-known open source packages that regularly see close to 15 million installations every week and conceals its payload in an unusual method.
The campaign, which includes embedded malware, targets the well-known “requests” package on Pypi and the “discord.js” package on NPM, according to a blog post by Checkmarx researchers. When the ransomware is run, it encrypts the victim’s computer data and demands $100 in cryptocurrency to decrypt them.
Because the malware payload is compatible with several different operating systems, the campaign can target a larger population. The ransomware communications and infrastructure were also given the U.S. Central Intelligence Agency names by the perpetrators.
In the next months, ransomware attacks targeting open source software are expected to increase, according to Kristen Bell, director of application security at GuidePoint Security.
Read More HERE.