A sophisticated software supply chain attack leveraging Python Package Index (PyPI) repositories to deploy malware using Google’s SMTP infrastructure as a command-and-control mechanism. The campaign involved seven malicious packages – Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb – which collectively amassed over 55,000 downloads before being removed. Sophisticated Tunneling Technique The malicious packages operate […]
The post 7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands appeared first on Cyber Security News.
This article has been indexed from Cyber Security News