Fake VMware vConnector package on PyPI targets IT pros

vtqhtr413

A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under the name ‘VMConnect,’ targeting IT professionals. VMware vSphere is a virtualization tools suite, and vConnector is an interfacing Python module used by developers and system administrators, downloaded roughly 40,000 times a month via PyPI. According to Sonatype’s researcher and BleepingComputer’s reporter, Ax Sharma, the malicious package uploaded onto PyPI on July 28, 2023, gathered 237 downloads until its removal on August 1, 2023.

Sonatype’s investigation revealed two more packages with code identical to ‘VMConnect,’ namely ‘ethter’ and ‘quantiumbase,’ downloaded 253 and 216 times, respectively. The ‘ethter’ package mimics the legitimate ‘eth-tester’ package, which has over 70,000 monthly downloads, while ‘quantiumbase’ is a clone of the ‘databases’ package, which is downloaded 360,000 times a month. All three malicious packages featured the functionality of the projects they mimicked, which could trick victims into believing they are running legitimate tools and prolong the duration of an infection.
 

[correlate]

ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating three popular open source Python tools: vConnector, a wrapper module for pyVmomi VMware vSphere bindings; as well as eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives async support for a range of databases.
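
Added example, not part of either post or of the vendors' reports: a Python check that looks for the three package names reported in this thread in a requirements file and in the current environment, comparing names after PEP 503 normalization. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

# Names reported in the thread (normalized) -> project each one mimics.
REPORTED = {"vmconnect": "vConnector", "ethter": "eth-tester",
            "quantiumbase": "databases"}
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503: lowercase, and runs of '-', '_', '.' collapse to one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text):
    """Return (line_number, name_as_written, mimicked_project) per hit."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line or line.startswith("-"):   # blank lines, pip options
            continue
        m = _NAME.match(line)                  # name ends at extras/specifier
        if m and normalize(m.group(1)) in REPORTED:
            hits.append((lineno, m.group(1), REPORTED[normalize(m.group(1))]))
    return hits


def scan_installed():
    """Same check over distributions installed for this interpreter."""
    hits = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") or ""
        if normalize(name) in REPORTED:
            hits.append((name, dist.version, REPORTED[normalize(name)]))
    return hits


# Constructed sample requirements file, not taken from a real project.
SAMPLE = """\
# tooling
pyvmomi>=8.0
VMConnect==1.0        # look-alike name
eth-tester[py-evm]
QuantiumBase ; python_version >= "3.8"
ethter
-r other.txt
"""

if __name__ == "__main__":
    for hit in scan_requirements(SAMPLE):
        print("requirements line %d: %s (mimics %s)" % hit)
    for hit in scan_installed():
        print("installed: %s %s (mimics %s)" % hit)
```

The legitimate `eth-tester` line is not flagged because the comparison is on the full normalized name, not on a substring.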
 
