Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages.
Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, distributor of AppleJeus). Based on our research into both RAT families, Unit 42 assess that the new PondRAT is a lighter version of POOLRAT.
Read more…
Source: Palo Alto Unit 42
Related:
- Infamous ransomware hackers reveal new tool to brute-force VPNs
March 17, 2025
The “BRUTED” tool has apparently been in use for years now, according to cybersecurity researchers EclecticIQ, who have been sifting through the recently-leaked Black Basta chat logs, which were leaked and subsequently uploaded to a GPT for easier analysis. Besides being used to analyze the group’s structure, organization, and activities, researchers used it to identify the ...
- Research on iOS apps shows widespread exposure of secrets
March 14, 2025
Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret. The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming Interfaces (APIs), and even payment processors. The researchers noted how: “The average ...
- UK National Crime Agency officer charged following alleged Bitcoin theft
March 13, 2025
An officer from the National Crime Agency (NCA) has been charged after the alleged theft of Bitcoin. Paul Chowles, 42, from Bristol, is charged with 15 offences relating to the alleged theft of 50 Bitcoin during an investigation into online organised crime, a spokeswoman for Merseyside Police said. According to the force, the cryptocurrency was worth ...
- Cisco Releases Security Advisories for Cisco IOS XR Software
March 13, 2025
Cisco has released 10 security advisories addressing multiple vulnerabilities, including seven high and three medium severity advisories affecting Cisco IOS XR Software, which is a networking software system. CVE-2025-20138 is an ‘improper neutralization of special elements used in an OS Command’ vulnerability with a CVSSv3 score of 8.8. Successful exploitation could allow an authenticated, remote attacker ...
- Head Mare and Twelve join forces to attack Russian entities
March 13, 2025
In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. kaspersky investigation showed that Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents. This ...
- #StopRansomware: Medusa Ransomware
March 12, 2025
Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile ...