North Korean Hackers Use PondRAT Malware to Target Developers
2024-09-25 • Foresiet
North Korean actors distributed PondRAT through malicious Python packages uploaded to PyPI, targeting developers and the software supply chain. The packages posed as legitimate libraries but triggered malware installation on developer systems after they were used. PondRAT is described as a lighter macOS and Linux backdoor with file upload, file download, pause, and arbitrary command execution capabilities. The campaign shows how poisoned open-source packages can give attackers access to developer endpoints that may later be used to reach vendors and customers.