
‘Blatantly Obvious’: Spyware Offered to Cyberattackers via PyPI Python Repository

April 11, 2023

Researchers have discovered malware peddlers advertising an info-stealer out in the open on the Python Package Index (PyPI) — the official, public repository for the Python programming language — with only the thinnest veneer of obfuscation.

The perpetrators — whom researchers from Sonatype associated with a Spain-based malware-as-a-service (MaaS) gang called SylexSquad — gave their program a not-so-subtle name: “reverse-shell.” Reverse shells are programs that hackers commonly use to run commands remotely and receive data from targeted computers.

“I think what’s quite funny about this is that it’s just so blatant,” says Dan Conn, developer advocate at Sonatype. “Perhaps SylexSquad were advertising themselves, or they simply didn’t care about being caught.”

Read More on Dark Reading