CloudCoffer researchers have discovered that an increasing amount of malware is being placed on services like GitHub, Dropbox, Google Drive, OneDrive, and Discord. These malicious programs evade the detection tools of these platforms through encryption and obfuscation. Hackers then exploit system vulnerabilities or use social engineering to implant these programs on victim systems. Many of these malicious programs have a 0% detection rate on VirusTotal. Some malware disguises itself as legitimate software, making detection and response more challenging (for example, Light Shield Lab discovered malware disguised as remote desktop software, which has been downloaded tens of thousands of times).
Additionally, numerous PyPI packages, such as httprequesthub, pyhttpproxifier, libsock, libproxy, and libsocks5, masquerade as libraries for handling network proxies and transmit sensitive data from computers to hackers. Here is one of the links: https://security.snyk.io/vuln/SNYK-PYTHON-HTTPREQUESTHUB-6139265.