PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

JuiceLedger operators have actively targeted PyPi package contributors in a phishing campaign, successfully poisoning at least two legitimate packages with malware. Several hundred more malicious packages are known to have been typosquatted.

REFERENCE: https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/

TAGS: Juiceledger, Python, Phishing, Typosquatting, ISO, LNK, Infostealer, Juicestealer

ADVERSARY: Juiceledger

MALWARE FAMILY: Juicestealer

ATT&CK IDS: T1547 - Boot or Logon Autostart Execution, T1176 - Browser Extensions, T1566 - Phishing, T1553 - Subvert Trust Controls, T1036 - Masquerading, T1496 - Resource Hijacking, T1195 - Supply Chain Compromise, T1023 - Shortcut Modification

Read More:

https://otx.alienvault.com/pulse/6311fabae858dc3031de35de