
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

A recent report reveals that a previously dormant package on the Python Package Index (PyPI) repository was updated with an information-stealing malware called Nova Sentinel. The package, named django-log-tracker, was initially published to PyPI in April 2022. It remained untouched for nearly two years until software supply chain security firm Phylum detected a suspicious update on February 21, 2024.

Although the linked repository for the package has not been updated since April 10, 2022, the introduction of a malicious update suggests that the developer's account was compromised. The package has been downloaded 3,866 times in total, with the rogue version (1.0.4) downloaded 107 times at the time it was published. The package is no longer available for download from PyPI.

According to Phylum, the attacker who made the malicious update stripped the package of most of its original content, leaving only an `__init__.py` and an `example.py` file behind. The changes were simple and self-explanatory: fetch an executable named "Updater_1.4.4_x64.exe" from a remote server ("45.88.180[.]54"), then launch it with the Python `os.startfile()` function.

The binary, for its part, comes embedded with Nova Sentinel, an information-stealing malware first documented by Sekoia in November 2023, when it was being distributed as fake Electron apps on bogus sites offering video game downloads.

Phylum has noted that what is particularly interesting about this case is that the attack vector appears to be an attempted supply-chain attack via a compromised account. Had the package been more popular, any project that lists it as a dependency without an exact version, or with a flexible version range, in its dependency file would have pulled the latest, malicious version on its next install.
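Two defender-side checks for the risk described above, as an added example that is not Phylum's or the article's code: one flags requirements that are not pinned to an exact version (the case in which 1.0.4 would have been installed automatically), the other flags a package whose newest release ends a long dormancy, the pattern seen with django-log-tracker. All version numbers and dates other than the April 2022 and 21 February 2024 dates from the article are constructed.

```python
"""Added example (not Phylum's or the article's code): flag unpinned
requirements and dormant-then-updated packages before an install."""
from datetime import datetime, timedelta
import re

# "name[extras] specifier": the specifier group may be empty (fully unpinned).
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*([^;#]*)")

def classify_requirement(line: str) -> dict:
    """Return name, specifier and whether the line pins one exact version."""
    m = _REQ.match(line.strip())
    if not m:  # comments, -r/--hash lines and blanks are skipped
        return {}
    name, spec = m.group(1).lower(), m.group(2).split("--hash")[0].strip()
    return {"name": name, "specifier": spec,
            "pinned": spec.startswith("==") and "*" not in spec,
            "hashed": "--hash=" in line}

def dormancy_before_latest(releases: list) -> timedelta:
    """Gap between the two newest uploads; releases are (version, ISO date)."""
    dates = sorted(datetime.fromisoformat(d) for _, d in releases)
    return dates[-1] - dates[-2] if len(dates) > 1 else timedelta(0)

def flag_risks(requirements: str, histories: dict, dormant_days: int = 365) -> list:
    """One finding per unpinned requirement and per dormant-then-updated package."""
    findings = []
    for line in requirements.splitlines():
        req = classify_requirement(line)
        if not req:
            continue
        if not req["pinned"]:
            findings.append(f"{req['name']}: not pinned ({req['specifier'] or 'any version'}), "
                            "so a new upstream release installs on the next resolve")
        gap = dormancy_before_latest(histories.get(req["name"], []))
        if gap > timedelta(days=dormant_days):
            findings.append(f"{req['name']}: newest release ends {gap.days} days of dormancy")
    return findings

# Constructed sample input. The django-log-tracker dates follow the article
# (repository last touched 2022-04-10, malicious 1.0.4 uploaded 2024-02-21);
# every other version and date below is made up for illustration.
SAMPLE_REQUIREMENTS = "django==4.2.0\ndjango-log-tracker\nrequests>=2.31\n# pinned tool\n"
SAMPLE_HISTORY = {
    "django-log-tracker": [("1.0.3", "2022-04-10"), ("1.0.4", "2024-02-21")],
    "django": [("4.1.0", "2023-12-01"), ("4.2.0", "2024-01-15")],
    "requests": [("2.31.0", "2023-05-22")],
}
```

Running `flag_risks(SAMPLE_REQUIREMENTS, SAMPLE_HISTORY)` reports both the unpinned django-log-tracker line and its 682-day dormancy, while the exact-pinned django entry produces no finding.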

This incident serves as another reminder of the persistent threat that supply-chain attacks can pose to software development and the importance of vigilance and comprehensive security measures in protecting software supply chains.

Want to read more? Check out the original article available at The Hacker News!

Deitasoft © 2024. All Rights Reserved.