Over 170K Users Affected by Attack Using Fake Python Infrastructure

The Checkmarx Research team uncovered a sophisticated attack campaign targeting the software supply chain, affecting numerous victims, including the Top[.]gg GitHub organization with over 170k users and individual developers. The attackers utilized various tactics such as account takeover, malicious code contributions, setting up a fake Python mirror, and publishing tainted packages to the PyPi registry. They employed multiple deceptive techniques to evade detection, including creating convincing typosquatting domains and hiding malicious code within legitimate packages.

Security Officer Comments:
The attackers hijacked high-reputation GitHub accounts to contribute malicious commits and spread the malware further. The malicious payload, distributed through poisoned dependencies, executed multiple stages of obfuscated code, aiming to steal sensitive data like browser information, Discord tokens, cryptocurrency wallets, and more.

Suggested Corrections:
The incident underscores the importance of scrutinizing dependencies and maintaining robust security practices in the software supply chain.