The researchers cautioned that a threat actor was typosquatting well-known PyPI packages to lead programmers to harmful dependencies that contained code to download Golang payloads (Go). The attack’s goal is to infect victims with ransomware variants that alter the desktop background to display a message pretending to be from the CIA and telling the victim to open a “readme” file.
Also Read: How Enterprises Can Safeguard SaaS Data from Ransomware Attacks
Additionally, the malware tries to encrypt a few of the victim’s files. In reality, the ‘readme’ file is a ransom note demanding USD 100 in cryptocurrency from the victim in exchange for a decryption key.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates