The senior security editor at Ars Technica writes:
Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.
Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name “pyobfgood.” Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developerâ(TM)s machine. Capabilities include:
– Exfiltrate detailed host information
– Steal passwords from the Chrome web browser
– Set up a keylogger
– Download files from the victim’s system
– Capture screenshots and record both screen and audio
– Render the computer inoperative by ramping up CPU