Researchers have identified a new malware campaign targeting supply chains through poisoned Python packages. The malicious software, dubbed PondRAT, is a lightweight version of the previously known POOLRAT remote access trojan.
Attackers uploaded these infected packages to the PyPI repository, aiming to compromise developers’ endpoints and gain access to their customers’ systems.
While PyPI administrators have since removed these poisoned packages, the campaign highlights the ongoing threat of supply chain attacks through open-source repositories.
Gleaming Pisces, a North Korean threat actor, has been targeting Linux systems using poisoned Python packages. The group’s malicious Python packages, uploaded to PyPI under fake personas, decode and execute encoded code to download and run a Linux RAT called PondRAT.
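The decode-then-execute pattern described above can be flagged statically before a package is installed. The following is an added defender-side illustration, not code from the report or from Unit 42: it parses a setup.py with Python's ast module and reports every exec/eval/compile call fed by a decoding or decompression routine, directly or through a variable. The sample sources are constructed stand-ins, not the actual malicious packages, and the decoder and executor name lists are assumptions chosen for the illustration.

```python
import ast
import base64

# Constructed samples (not real package code) mimicking the pattern described
# above: a setup.py that decodes an embedded blob and exec()s it. The blob is a
# harmless print statement built inline so the file runs offline.
_BLOB = base64.b64encode(b"print('stage two would be fetched here')").decode()
SAMPLE_DIRECT = f'''
import base64
from setuptools import setup
exec(base64.b64decode("{_BLOB}"))
setup(name="innocent-looking-package", version="0.1")
'''
SAMPLE_INDIRECT = f'''import base64
payload = base64.b64decode("{_BLOB}")
exec(compile(payload, "<stage>", "exec"))
'''
SAMPLE_CLEAN = "from setuptools import setup\nsetup(name='ok', version='1.0')\n"

# Assumed watch-lists; extend to match the decoders seen in your own triage.
DECODERS = {"b64decode", "b32decode", "b16decode", "b85decode", "unhexlify", "decompress"}
EXECUTORS = {"exec", "eval", "compile"}


def _calls_decoder(node: ast.AST) -> bool:
    """True if any call nested inside `node` targets a known decode/decompress function."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            fn = sub.func
            name = fn.attr if isinstance(fn, ast.Attribute) else getattr(fn, "id", None)
            if name in DECODERS:
                return True
    return False


def find_decode_exec(source: str) -> list[int]:
    """Return sorted line numbers where exec/eval/compile consumes decoded data,
    either inline or via a variable that was assigned from a decoder call."""
    tree = ast.parse(source)
    tainted = set()
    for node in ast.walk(tree):  # pass 1: names assigned from a decoding expression
        if isinstance(node, ast.Assign) and _calls_decoder(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    hits = set()
    for node in ast.walk(tree):  # pass 2: executors fed decoded or tainted input
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id in EXECUTORS:
            for arg in node.args:
                if _calls_decoder(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                    hits.add(node.lineno)
    return sorted(hits)
```

A hit is a triage signal, not proof of malice; run it over setup.py, __init__.py and any module imported at install time, and review flagged lines by hand.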
This RAT is part of a larger family of malware associated with Gleaming Pisces and shares similarities with previous macOS malware used in AppleJeus campaigns.
The Linux variant of PondRAT and the macOS RAT kupayupdate_stage2 share significant code similarities, including identical function names like FConnectProxy and AcceptRequest, similar command numerical IDs, and the same encryption key.
These similarities strongly suggest a common origin or shared development lineage, pointing to a potential connection between the two malware families and the actors behind them.
The analysis of additional macOS samples revealed a connection between the PondRAT macOS variants and the poisoned Python packages campaign.
One of the samples, a multi-arch Mach-O binary, shared code and infrastructure with the Linux variant of PondRAT, indicating its role as a payload in the campaign.
Additionally, another sample was linked to the AppleJeus campaign, reinforcing the attribution of the entire operation to the Gleaming Pisces threat actor.
Analysts at Unit 42 discovered a new Linux variant of the POOLRAT malware, previously known as a macOS RAT (Remote Access Trojan), which shares several key similarities with its macOS counterpart, suggesting it’s an adaptation rather than entirely new malware.
The Linux version utilizes libcurl for communication and logs errors to /tmp/xweb_log.md. Both variants share identical function structures for loading configurations, similar method names, and a nearly identical C2 (Command and Control) handling mechanism.
PondRAT, a simplified version of POOLRAT, offers a limited set of commands for remote control, which allows attackers to upload and download files, check implant status, temporarily pause operations, and execute commands with or without retrieving output.
While PondRAT shares some similarities with POOLRAT, its functionality is more constrained, making it a lighter-weight option for malicious activities.
The North Korean Gleaming Pisces APT group has been linked to the poisoned Python packages campaign, which uses the Linux variant of PondRAT as its final payload. PondRAT's code similarities with POOLRAT, also attributed to Gleaming Pisces, indicate the group's expanding capabilities across Linux and macOS platforms.
The weaponization of legitimate-looking Python packages across multiple operating systems poses a significant risk due to their stealthy nature and potential for widespread network compromise upon successful installation.