False Packages Delivering Ransomware Target Python and JavaScript Developers


Python and JavaScript developers are the targets of a new software supply chain attack, according to security researchers at Phylum.

The researchers cautioned that a threat actor was typosquatting well-known PyPI packages to lead programmers to harmful dependencies that contained code to download Golang payloads (Go). The attack’s goal is to infect victims with ransomware variants that alter the desktop background to display a message pretending to be from the CIA and telling the victim to open a “readme” file.

Also Read: How Enterprises Can Safeguard SaaS Data from Ransomware Attacks

Additionally, the malware tries to encrypt a few of the victim’s files. In reality, the ‘readme’ file is a ransom note demanding USD 100 in cryptocurrency from the victim in exchange for a decryption key.

Read More: Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates