Japanese cybersecurity officials warned that the North Korea-linked Lazarus Group hacking team recently carried out a supply chain attack on PyPI, the software repository for Python packages. The threat actors uploaded tainted packages with names similar to the legitimate “pycrypto” encryption toolkit for Python. Developers who installed the malicious packages were infected with a dangerous Trojan known as “Comebacker.”

The malicious packages have been downloaded approximately 300 to 1,200 times. Comebacker is described as a general-purpose Trojan used for dropping ransomware, stealing credentials and infiltrating the development pipeline. Comebacker has been deployed in other cyberattacks linked to North Korea. Attacks of this type on software repositories have increased rapidly over the last year or so.
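The attack relied on package names that look like a legitimate one, so a cheap defensive check is to compare every name in a requirements file against the packages a team actually depends on and flag near-misses before `pip install` runs. The script below is an added example written for this page, not code from the report or from PyPI; the allowlist, the sample requirements text, and the lookalike name `pycrypt0` in it are all constructed for the illustration and are not the packages named in the incident.

```python
"""Flag requirement names that are suspiciously close to well-known packages.

Added illustration: a typosquat check a defender can run over a requirements
file before installing. KNOWN_PACKAGES and SAMPLE_REQUIREMENTS are constructed
for this example; "pycrypt0" is an invented lookalike, not a real package.
"""
import re
from difflib import SequenceMatcher

# Constructed allowlist: the packages this (hypothetical) project really uses.
KNOWN_PACKAGES = {"pycrypto", "pycryptodome", "requests", "numpy"}

# Constructed requirements text. "PyCrypto" is only a case variant of a known
# name and must NOT be flagged; "pycrypt0" (digit zero) is the lookalike.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
PyCrypto==2.6.1
pycrypt0==2.6.1
numpy>=1.26
pycryptodome==3.20.0
# a comment line is ignored
"""


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def package_names(requirements_text: str):
    """Yield the bare project name from each non-empty, non-comment line."""
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Cut at the first version specifier, extras bracket, marker or space.
        yield re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]


def find_lookalikes(requirements_text: str, known=KNOWN_PACKAGES, threshold=0.85):
    """Return (requested_name, similar_known_name) pairs for names that are
    not an exact (normalized) match but are close to a known package."""
    known_norm = sorted(normalize(k) for k in known)
    findings = []
    for name in package_names(requirements_text):
        n = normalize(name)
        if n in known_norm:
            continue  # exact match after normalization: legitimate
        for k in known_norm:
            if SequenceMatcher(None, n, k).ratio() >= threshold:
                findings.append((name, k))
    return findings


if __name__ == "__main__":
    for requested, similar in find_lookalikes(SAMPLE_REQUIREMENTS):
        print(f"suspicious: {requested!r} resembles known package {similar!r}")
```

A check like this belongs in CI or a pre-install hook; the threshold is deliberately conservative so that a single swapped character (here `o` versus `0`) is reported while unrelated names are not. It is a heuristic, not an allowlist: pinning exact names and hashes in the lockfile remains the stronger control.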

