Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo


Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project’s logo.

The package employing this steganographic trickery is requests-darwin-lite, which has been downloaded 417 times prior to it being taken down from the Python Package Index (PyPI) registry.

Requests-darwin-lite “appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into a large version of the actual requests side-bar PNG logo,” software supply chain security firm Phylum said.

Read more…