{"id":456527,"date":"2022-11-10T11:51:38","date_gmt":"2022-11-10T13:51:38","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-chercheurs-decouvrent-un-package-pypi-cachant-du-code-malveillant-derriere-un-fichier-image\/"},"modified":"2022-11-10T11:51:39","modified_gmt":"2022-11-10T13:51:39","slug":"des-chercheurs-decouvrent-un-package-pypi-cachant-du-code-malveillant-derriere-un-fichier-image","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-chercheurs-decouvrent-un-package-pypi-cachant-du-code-malveillant-derriere-un-fichier-image\/","title":{"rendered":"Des chercheurs d\u00e9couvrent un package PyPI cachant du code malveillant derri\u00e8re un fichier image"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Un paquet malveillant d\u00e9couvert sur le Python Package Index (PyPI) utilise une astuce st\u00e9ganographique pour dissimuler le code malveillant dans les fichiers image.<\/p>\n<p>Le colis en question, nomm\u00e9 &#8220;<strong>apicolor<\/strong>&#8220;, a \u00e9t\u00e9 t\u00e9l\u00e9charg\u00e9 sur le r\u00e9f\u00e9rentiel tiers Python le 31 octobre 2022 et d\u00e9crit comme une&#8221; biblioth\u00e8que principale pour l&#8217;API REST &#8220;, selon la soci\u00e9t\u00e9 isra\u00e9lienne de cybers\u00e9curit\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/research.checkpoint.com\/2022\/check-point-cloudguard-spectral-exposes-new-obfuscation-techniques-for-malicious-packages-on-pypi\/\" target=\"_blank\">Point de contr\u00f4le<\/a>.  C&#8217;est depuis <a rel=\"nofollow noopener\" href=\"https:\/\/pypi.org\/project\/apicolor\/\" target=\"_blank\">d\u00e9mont\u00e9<\/a>.<\/p>\n<p>Apicolor, comme d&#8217;autres packages malveillants d\u00e9tect\u00e9s r\u00e9cemment, h\u00e9berge son comportement malveillant dans le script de configuration utilis\u00e9 pour sp\u00e9cifier les m\u00e9tadonn\u00e9es associ\u00e9es au package, telles que ses d\u00e9pendances.<\/p>\n<p>Cela prend la forme d&#8217;un deuxi\u00e8me package appel\u00e9 &#8220;judyb&#8221; ainsi que d&#8217;un fichier PNG apparemment inoffensif (&#8220;8F4D2uF.png&#8221;) h\u00e9berg\u00e9 sur Imgur, un service de partage d&#8217;images.<\/p>\n<div class=\"separator\" style=\"clear: both\"><img decoding=\"async\" alt=\"Paquet PyPI malveillant\" border=\"0\" data-original-height=\"408\" data-original-width=\"728\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/1668088297_514_Des-chercheurs-decouvrent-un-package-PyPI-cachant-du-code-malveillant.jpg\" title=\"Paquet PyPI malveillant\" \/><\/div>\n<p>&#8220;Le code judyb s&#8217;est av\u00e9r\u00e9 \u00eatre un module de st\u00e9ganographie, responsable [for] cacher et r\u00e9v\u00e9ler des messages cach\u00e9s \u00e0 l&#8217;int\u00e9rieur des images&#8221;, a expliqu\u00e9 Check Point.<\/p>\n<p>La cha\u00eene d&#8217;attaque consiste \u00e0 utiliser le package judyb pour extraire le code Python obscurci int\u00e9gr\u00e9 dans l&#8217;image t\u00e9l\u00e9charg\u00e9e, qui, lors du d\u00e9codage, est con\u00e7u pour r\u00e9cup\u00e9rer et ex\u00e9cuter un binaire malveillant \u00e0 partir d&#8217;un serveur distant.<\/p>\n<div class=\"ad_two clear\"><img decoding=\"async\" class=\"lazyload\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/11\/Le-service-de-phishing-de-Robin-Banks-pour-les-cybercriminels.gif\" style=\"float:left\" \/><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Le d\u00e9veloppement fait partie d&#8217;une tendance continue o\u00f9 les acteurs de la menace se tournent de plus en plus vers l&#8217;\u00e9cosyst\u00e8me open source pour exploiter la confiance associ\u00e9e aux logiciels tiers pour monter des attaques sur la cha\u00eene d&#8217;approvisionnement.<\/p>\n<p>Plus troublant encore, ces biblioth\u00e8ques malveillantes peuvent \u00eatre int\u00e9gr\u00e9es \u00e0 d&#8217;autres projets open source et publi\u00e9es sur GitHub, \u00e9largissant ainsi la port\u00e9e et l&#8217;\u00e9chelle des attaques.<\/p>\n<p>&#8220;Ces r\u00e9sultats refl\u00e8tent une planification et une r\u00e9flexion minutieuses par un acteur de la menace, qui prouve que les techniques d&#8217;obscurcissement sur PyPI ont \u00e9volu\u00e9&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/11\/researchers-uncover-pypi-package-hiding.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Un paquet malveillant d\u00e9couvert sur le Python Package Index (PyPI) utilise une astuce st\u00e9ganographique pour dissimuler le code malveillant dans les fichiers image. Le colis en question, nomm\u00e9 &#8220;apicolor&#8220;, a \u00e9t\u00e9 t\u00e9l\u00e9charg\u00e9 sur le r\u00e9f\u00e9rentiel tiers Python le 31 octobre 2022 et d\u00e9crit comme une&#8221; biblioth\u00e8que principale pour l&#8217;API REST &#8220;, selon la soci\u00e9t\u00e9 isra\u00e9lienne [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":456528,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[23316,12848,5597,4168,4158,4165,4161,3073,4109,133,7085,2511,4157,4159,4171,4170,4167,7733,4160,4163,4162,7878,69497,4172,4169,4166,4164],"class_list":["post-456527","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-cachant","tag-chercheurs","tag-code","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-decouvrent","tag-derriere","tag-des","tag-fichier","tag-image","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-malveillant","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-package","tag-pypi","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/456527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=456527"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/456527\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/456528"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=456527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=456527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=456527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}