"PyPI Package Backdoors Macs Using the Sliver Pen-Testing Suite"

A new Python Package Index (PyPI) package mimicked the popular 'requests' library to target macOS devices with the Sliver C2 adversary framework. The campaign discovered by Phylum uses steganography in a PNG image file for covert installation of the Sliver payload. The malicious PyPI package has been removed, but its discovery shows Sliver's growing use of remote access to corporate networks. Sliver, an open source adversarial framework testing suite for "red team" operations, simulates adversary actions when testing network defenses on Windows, macOS, and Linux. Custom implant generation, Command-and-Control (C2) capabilities, post-exploitation tools/scripts, and rich attack emulation are its main features. Therefore, hackers began using Sliver in 2022 as an alternative to Cobalt Strike, which has become easier to detect and block after years of abuse. This article continues to discuss findings regarding the new PyPI package that backdoors Macs.

Bleeping Computer reports "PyPI Package Backdoors Macs Using the Sliver Pen-Testing Suite"

Submitted by grigby1

Submitted by Gregory Rigby on