Two New Supply Chain Attacks Revealed

Created: Thursday, October 25, 2018 - 12:30
Categories: Cybersecurity

Over the past week, two supply-chain attacks have come to light.

The first involves VestaCP, a control-panel interface that system administrators use to manage servers. According to security firm ESET, unknown attackers compromised VestaCP servers and used their access to make a malicious change to an installer that was available for download. “The VestaCP installation script was altered to report back generated admin credentials to vestacp.com after a successful installation,” said ESET Malware Researcher Marc-Étienne M. Léveillé.

The second supply-chain attack involves a malicious package that was slipped into the official repository for the widely used Python programming language. Called “Colourama,” the package looked similar to Colorama, which is one of the top-20 most-downloaded legitimate modules in the Python repository. The Colourama package contained most of the functions of the legitimate module, with one significant difference: Colourama added code that, when run on Windows servers, installed a Visual Basic script. The script constantly monitors the server’s clipboard for signs that a user is about to make a cryptocurrency payment. When triggered, it diverts the payment from the wallet address contained in the clipboard to an attacker-owned wallet.

Ars Technica.