VMConnect Supply Chain Attack Persists


During the initial weeks of August, the ReversingLabs research team uncovered a malicious supply chain operation, code-named “VMConnect.” This nefarious campaign involved the distribution of approximately twenty-four malevolent Python packages through the Python Package Index (PyPI), a widely used open-source repository for Python software. 
These deceptive packages were cleverly designed to mimic well-known open-source Python utilities, including vConnector (a wrapper module for pyVmomi VMware vSphere bindings), eth-tester (a toolkit for testing Ethereum-based applications), and databases (a tool offering asynchronous support for various database systems).
In their investigation, the researchers noticed that the perpetrators of this campaign have gone to great lengths to create an aura of authenticity around their actions. 
They take the time to establish GitHub repositories, complete with descriptions that appear entirely legitimate, and even incorporate authentic source code.
In their latest findings, the team has identified several new packages, each with its own download statistics. Notably, these include ‘tablediter,’ which has garnered 736 downloads, ‘request-plus’ with 43 downloads, and ‘requestspro’ boasting 341 downloads. 
Among these recently uncovered packages, the first one appears to camouflage itself as a tool for table editing. Meanwhile, the other two pose as legitimate versions of the widely-used ‘requests’ Pytho

[…]
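The campaign described above relies on lookalike names ("request-plus", "requestspro") that read like the genuine "requests" package. One defensive check a maintainer can run over a requirements file is to normalise each name the way PyPI does (PEP 503), strip common decorations such as "-plus" or "pro", and compare the result against an allowlist with a small edit-distance threshold. The following is an added example, not code from the article or from ReversingLabs; the `KNOWN` allowlist and the `AFFIXES` list are constructed stand-ins for an organisation's own approved-package list and for the affixes seen in typosquatting, and the sample requirements text is constructed from the package names the article mentions.

```python
"""Flag requirement names that look like well-known PyPI packages.

Added example (not from the article or ReversingLabs). Assumptions: KNOWN is a
constructed stand-in for an organisation's allowlist or a top-N PyPI list, and
AFFIXES is a constructed list of decorations typosquatters bolt onto real names.
"""
import re

# Constructed allowlist: the names the article says the campaign imitated plus a
# few other popular packages. In practice, source this from your own approved list.
KNOWN = {"requests", "urllib3", "numpy", "pandas", "vconnector", "eth-tester", "databases"}

# Constructed affix list: words commonly glued onto a real name.
AFFIXES = ("plus", "pro", "dev", "lib", "utils", "python", "py", "2", "3")


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def variants(norm: str) -> set:
    """The name itself plus copies with one leading/trailing affix removed, both
    as a separate '-' part (request-plus) and glued on (requestspro)."""
    out = {norm}
    parts = norm.split("-")
    if len(parts) > 1 and parts[-1] in AFFIXES:
        out.add("-".join(parts[:-1]))
    if len(parts) > 1 and parts[0] in AFFIXES:
        out.add("-".join(parts[1:]))
    for a in AFFIXES:
        if norm.endswith(a) and len(norm) > len(a) + 2:
            out.add(norm[: -len(a)])
        if norm.startswith(a) and len(norm) > len(a) + 2:
            out.add(norm[len(a):])
    return out


def assess(candidate: str, known=KNOWN, max_distance: int = 1) -> dict:
    """Classify a package name as 'known', 'lookalike' or 'unknown'.

    'unknown' only means the name is not on the allowlist and is not within
    max_distance of any allowlisted name; it is not a clean bill of health."""
    norm = normalize(candidate)
    known_norm = {normalize(k) for k in known}
    if norm in known_norm:
        return {"name": candidate, "verdict": "known", "target": norm, "distance": 0}
    best = None
    for v in variants(norm):
        for k in known_norm:
            d = levenshtein(v, k)
            if d <= max_distance and (best is None or d < best[1]):
                best = (k, d)
    if best:
        return {"name": candidate, "verdict": "lookalike", "target": best[0], "distance": best[1]}
    return {"name": candidate, "verdict": "unknown", "target": None, "distance": None}


def scan_requirements(text: str) -> list:
    """Run assess() over a requirements.txt body, ignoring comments and version specifiers."""
    results = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name = re.split(r"[\s\[<>=!~;@]", line, 1)[0]
        results.append(assess(name))
    return results


# Constructed requirements file mixing the article's package names with real ones.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
request-plus      # imitates requests
requestspro>=1.0  # imitates requests
tablediter        # claims to be a table editor
urlib3
numpy
"""

if __name__ == "__main__":
    for r in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"{r['name']:14} {r['verdict']:9} {r['target'] or '-'} {r['distance']}")
```

A name such as `tablediter` comes back as `unknown` rather than `lookalike` because it does not imitate anything on the allowlist; that is the gap this kind of check cannot close on its own, which is why it is best paired with an allowlist policy (anything not `known` needs review) rather than used as a standalone verdict.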

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
