Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.

New research from Checkmarx Zero has unveiled a unique malicious software campaign that targets Python and NPM users on both Windows and Linux systems.

Security researcher Ariel Harush at Checkmarx Zero has identified this troubling new trend in cyberattacks. According to their research, shared with Hackread.com, attackers are using typosquatting and name-confusion techniques to trick users into downloading harmful software.

What makes this campaign especially unusual is its _cross-ecosystem_ approach. The malicious packages, uploaded to PyPI (Python Package Index), mimic the names of legitimate software from two different programming ecosystems: colorama (a popular Python tool for adding color to text in terminals) and colorizr (a similar JavaScript package found on NPM, the Node Package Manager). This means an attacker is using a name from one platform to target users of another, a rarely seen tactic.

The packages uncovered by Checkmarx Zero carried highly risky payloads, designed to give attackers lasting remote access and remote control over both desktops and servers. This allows them to “harvest and exfiltrate sensitive data,” meaning they can steal important information.

On Windows systems, the malware even attempts to bypass antivirus software to avoid being detected. Checkmarx also linked some of the Windows payloads to a GitHub account: githubcom/s7bhme.

For Linux users, the malicious packages were found to contain advanced backdoors that could establish encrypted connections, steal information, and maintain a hidden, long-term presence on affected systems.

The campaign, likely designed to attack specific targets, is currently untraceable due to the lack of clear attribution data, leaving it unclear whether it is linked to a well-known adversary.

Thankfully, these specific malicious packages have been removed from public software repositories, which has limited their immediate potential for causing damage. Although the immediate threat has been contained, Checkmarx advises organizations to be ready for similar attacks.

Query results for ‘coloramapkgs’ retrieved via the Checkmarx Threat Intelligence API

“By combining typo-squatting and related name confusion attacks, cross-ecosystem baiting, and multi-platform payloads, this attack serves as a reminder of how opportunistic and sophisticated open-source supply chain threats have become,” Checkmarx researchers noted in their blog post.

Researchers suggest checking all active and ready-to-use application code for any signs of these malicious package names. It is also crucial to inspect private software storage areas, like Artifactory, to remove any harmful packages and prevent their future installation.

Furthermore, companies should ensure that these types of dangerous packages aren’t installed on developer computers or in testing environments. These steps are vital for defending against such sophisticated open-source supply chain attacks.

Backdoors in Python and NPM Packages Target Windows and Linux

Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network.

New Botnet Plants Persistent Backdoors in ASUS Routers

Researchers reveal how guest accounts with billing roles can create Azure subscriptions inside external tenants, gaining unexpected Owner access and opening hidden privilege risks.

Cybersecurity researchers at BeyondTrust are warning about a little-known but dangerous issue within Microsoft’s Entra identity platform. The issue isn’t some hidden bug or overlooked vulnerability; it’s a feature, built into the system by design, that attackers can exploit.

The issue is that guest users invited into an organization’s Azure tenant can create and transfer subscriptions inside that tenant without having any direct admin privileges there. Once they do, they gain “Owner” rights over that subscription, opening up a surprising set of attack opportunities that many Azure administrators might never have considered.

****What’s Happening Behind the Scenes****

Organizations frequently invite external partners or collaborators into their Azure environments as “guest users.” Typically, these guests are assigned limited access to prevent damage if their accounts are compromised. But BeyondTrust’s findings shared with Hackread.com, reveal that under certain conditions, these guests can spin up entire Azure subscriptions inside the host tenant, even without explicit permissions in that environment.

How? It all comes down to Microsoft’s billing permissions. If the guest holds specific billing roles in their home tenant (for example, they created a free trial account), they can use that authority to create subscriptions and then move them into any other tenant they are invited to. By doing so, they effectively become “Owners” of those subscriptions, gaining broad control over resources inside the targeted tenant.

Microsoft has confirmed that this is intended behaviour, pointing out that these subscriptions stay on the guest’s bill and that there are existing (but non-default) controls to prevent such transfers. Still, the security implications are substantial.

****The Privilege You Didn’t See Coming****

Once a guest becomes a subscription Owner inside your Azure tenant, they unlock several advanced capabilities including Identifying who’s really in charge, disabling security monitoring, creating persistent backdoors and abusing device trust

These attack paths exist because billing roles and resource permissions operate on separate tracks, creating an overlap that isn’t covered by typical role-based access control (RBAC) models.

**Real-World Attack Steps**

BeyondTrust researchers demonstrated how an attacker could exploit this issue in practice. An attacker could start by setting up their own Azure tenant using a free trial, which automatically gives them billing authority.

Once they are invited as a guest into a target tenant, they can log into the Azure portal and create a new subscription using advanced settings, selecting the target tenant as the destination. Without ever needing admin approval in that tenant, the attacker gains full Owner access over the new subscription, opening the door to privilege abuse techniques.

> _“The feature Microsoft has created here makes sense: some organizations have many tenants, and there are use cases where users with one home directory need to create subscriptions in others they are simply a guest in. The problem lies in the default behavior: if this capability were opt-in, meaning guests were blocked from creating subscriptions by default, the risk would be significantly reduced, and this wouldn’t pose a security concern.”_
> 
> Simon Maxwell-Stewart, Sr Data Engineer – BeyondTrust

****Microsoft’s Position****

Microsoft has stated that this is intended behaviour, meant to support complex multi-tenant setups where guests sometimes need to create resources. They provide subscription policies that can block these transfers, but these controls are off by default.

For cybersecurity teams, this means the risk remains active until they take clear action. BeyondTrust recommends several key steps to reduce exposure including enabling subscription policies that block guest-led transfers, regularly auditing guest accounts and removing any that are unused or unnecessary.

To prevent attackers from using virtual machines or devices for further attacks, closely monitor subscriptions for unusual or unexpected guest-created resources, and carefully review dynamic group rules and device trust policies.

Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for…

Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for fake AI video tools, leading to stolen credentials and credit card information.

Mandiant Threat Defense has uncovered a widespread cybercrime operation preying on the public’s excitement for new AI tools. A group known as UNC6032, believed to be based in Vietnam, is tricking people with fake social media ads that look like they’re promoting popular AI video generators such as Luma AI and Canva Dream Lab.

According to Mandiant’s research, shared with Hackread.com, UNC6032 has been running misleading ads on platforms like Facebook and LinkedIn since mid-2024. These ads direct users to fake websites that appear to offer AI video generation services.

However, these sites secretly download harmful software, including infostealers and backdoors, which steal sensitive information like login details and personal data. The stolen data is likely sold on illegal online markets.

This type of attack is a major concern for everyone, from individuals to large companies. In fact, according to Mandiant’s M-Trends 2025 report, stolen credentials are the second-highest initial way cybercriminals get into systems. Mandiant has found thousands of these ads, reaching millions of users, and believes similar campaigns are active on other social media sites.

For instance, one specific attack that Mandiant investigated started with a Facebook ad for Luma Dream AI Machine. When a user clicked on “Start Free Now,” they were led through a series of steps mimicking a real AI video creation process.

After a loading bar, a Download button appeared, which then installed the malicious software instead of a video. The files used a trick with hidden characters and a fake .mp4 icon to appear harmless, but they were actually dangerous executable files.

Malicious Facebook ads on Facebook and LinkedIn (Image credit: Mandiant)

The malicious software used in these attacks, which Mandiant tracks as STARKVEIL, is a complex program written in Rust. It may display fake error messages to trick users into reopening the program. The software then drops other dangerous tools like XWORM, FROSTRIFT backdoors, and the GRIMPULL downloader.

These tools allow attackers to control the computer, steal more information, record keystrokes, and check for security software. GRIMPULL, for example, can download and run the Tor browser to connect to criminals’ hidden servers. XWORM even sends the stolen information to the attackers via Telegram.

According to Mandiant Threat Defense’s blog post, the company is collaborating with Meta and LinkedIn to fight this campaign. Although Meta has removed many of these ads, new ones are appearing daily. This ongoing threat necessitates constant collaboration across the tech industry to protect users.

Yash Gupta, Senior Manager at Mandiant Threat Defense, warns that “well-crafted websites masquerading as legitimate AI tools can pose a threat to anyone… Users should exercise caution when engaging with seemingly harmless ads.”

It is a fact that AI tools are becoming popular, and cybercriminals will continue to exploit this interest. Users are advised to be cautious when trying out new AI tools and verify the website’s address before interacting.

Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers

Cybercriminals are using text-to-video-AI tools to lure victims to fake websites that deliver malware like infostealers and Trojans.

Cybercriminals are taking advantage of the public’s interest in Artificial Intelligence (AI) and delivering malware via text-to-video tools.

According to researchers at Mandiant, the criminals are setting up websites claiming to offer “AI video generator” services, and then using those fake tools to distribute information stealers, Trojans, and backdoors.

Links to the malicious websites were brought to the researchers’ attention by ads and links in comments on social media platforms. The researchers uncovered thousands of malicious ads on Facebook and LinkedIn—beginning in November 2024—that promote fake AI video generator tools such as “Luma AI,” “Canva Dream Lab,” and “Kling AI.”

To avoid detection, the group constantly rotates the domain used in the ads and creates new ads every day, while using both compromised and newly created accounts. The campaign operates through more than 30 websites that imitate popular legitimate AI tools.

Researchers identified the first payload as the Starkveil dropper (detected by Malwarebytes/ThreatDown) classified as Trojan.Crypt. The Trojan, written in Rust, requires users to run it twice to fully compromise their machines. After the first run, the malware displays an error window to trick victims into executing it again.

The dropper then deploys the XWorm (detected as Backdoor.XWorm) and Frostrift (detected as Trojan.Crypt) backdoors and the GRIMPULL downloader (also detected as Trojan.Crypt).

After it has fully compromised the system, this constellation of malware will harvest all kinds of data from the infected devices and send it to the cybercriminals using various methods of communication. For a full technical analysis of the malware, feel free to read the researchers’ report.

The researchers stated:

> “The temptation to try the latest AI tool can lead to anyone becoming a victim.”

So, it’s important to be aware of these campaigns and adopt ways to recognize and thwart them.

*   Be vigilant. Posts or ads with high numbers of views that promise free AI text-to-video tools are a red flag and should be examined carefully, especially if they prompt downloads of executable files, which could be disguised as videos.
*   Don’t trust unsolicited messages or ads promising unbelievable AI tools or free trials, especially if they pressure you to act quickly or provide personal information.
*   Run up-to-date and active protection to intercept these malware infections in the early stages, as well as detect and remove infostealer malware.
*   Use web protection in your browser that can recognize and block scams and malicious websites.
*   Don’t click on sponsored search results. Any other method to find a link to your coveted product is preferable over sponsored results, since criminals have demonstrated that it pays off to outbid the rightful owners.
*   Look out for ads with too-good-to-be-true offers, urgent deadlines, or unusual payment methods like cryptocurrency or wire transfers.
*   Scrutinize the provided URLs which might be constructed to look like the “real thing” but they might not be.
*   Only download AI software or tools from official, trusted sources or verified app stores.

For more actionable advice on how to spot scams, join our Facebook Live on June 3.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware 

Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from…

Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from the UAT-6382 threat group. Learn about the malware, affected organizations, and critical security patches.

Cisco Talos researchers have issued a critical alert regarding active cyberattacks targeting Trimble Cityworks, a widely used platform for managing public assets. According to Cisco Talos’ latest research, shared with Hackread.com, a sophisticated threat group, tracked as UAT-6382, is exploiting a newly discovered high-severity vulnerability CVE-2025-0994 in the system.

This vulnerability, having a CVSS score of 8.6, allows for remote code execution, meaning attackers can run their malicious programs on affected systems from afar. These attacks have been observed since January 2025 and primarily target local government organizations in the United States. Some attacks have already resulted in successful compromises.

The Cybersecurity and Infrastructure Security Agency (CISA) and Trimble have also released their warnings about this serious flaw. Reportedly, the vulnerability allows attackers to gain remote access and execute malicious code against Microsoft Internet Information Services web server without needing to authenticate. Cityworks vulnerability affects versions before 15.8.9 and Cityworks with Office Companion versions before 23.10.

Once inside, UAT-6382 quickly deploys _web shells_ like AntSword and chinatso/Chopper on the compromised web servers to maintain hidden access. They also use custom-made tools, including a Rust-based loader called TetraLoader to install more persistent malware such as Cobalt Strike and VSHell.

> _“Talos has found intrusions in enterprise networks of local governing bodies in the United States (U.S.), beginning in January 2025 when initial exploitation first took place. UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access.”_
> 
> Cisco Talos

****Chinese-Speaking Actors Identified****

Based on their methods and tools, Cisco Talos’ report suggests with high confidence that UAT-6382 is a group of “Chinese-speaking threat actors.” Evidence supporting this includes the Chinese language found in the web shells and the fact that MaLoader, the framework used to build TetraLoader, is also written in Simplified Chinese. This malware builder, which emerged in December 2024, allows operators to package malicious code into Rust-based programs like TetraLoader.

MaLoader Builder Interface (Source: Cisco Talos)

Researchers noted that upon gaining access, the attackers show a particular interest in systems related to utility management. Their initial actions involve scanning the compromised server to understand its setup, looking for specific directories related to Cityworks, and then quickly setting up their web shells. They also stage sensitive files for potential data theft and deploy backdoors using PowerShell commands to ensure long-term access.

****Understanding the Malware****

TetraLoader’s main function is to inject various payloads into legitimate processes, such as notepad.exe. These payloads can be Cobalt Strike beacons, which are widely used by attackers for command and control, or VShell stagers.

For your information, VShell is a GoLang-based remote access Trojan that allows attackers to manage files, run commands, take screenshots, and set up proxy services on infected systems. Like other tools used by this group, the VShell control panels also display Chinese text, indicating the operators’ proficiency in the language.

Cityworks has released security patches to address the CVE-2025-0994 vulnerability, urging users to update immediately. Organizations should monitor suspicious activity using Cisco Talos’ technical indicators of compromise (IOCs). Cisco Talos also recommend the use of security products like Cisco Secure Endpoint, Secure Firewall, and Umbrella to protect against such attacks.

Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake.
ESET, which first discovered the hacking group's intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine hacktivist group is behind the attack on the PyPI repository especially those used by Russian developers.

Cybersecurity researchers at ReversingLabs (RL) have discovered a new malicious Python package, named dbgpkg, that masquerades as a debugging tool but instead installs a backdoor on developers’ systems. This backdoor allows attackers to run malicious code and steal sensitive information. By analysing the techniques used, RL suspects a hacktivist group known for targeting Russian interests in support of Ukraine may be involved.

****Sophisticated Backdoor Uses Sneaky Python Tricks****

Reportedly, the dbgpkg package, detected on Tuesday by the RL threat research team, contained no actual debugging features. Instead, it was designed to trick developers into installing a backdoor, effectively turning their development machines into compromised assets.

What made “dbgpkg” particularly noteworthy was its sophisticated method of implanting the backdoor. Upon installation, the package’s code cleverly modifies the behaviour of standard Python networking tools (_requests_ and _socket_ modules) using a technique called “function wrapping” or “decorators.” This allows the malicious code to remain hidden until these networking functions are used by the developer.

Source: ReversingLabs

As per RL’s investigation, shared with Hackread.com, the malicious wrapper code first checks for a specific file, likely to see if the backdoor is already present. If not, it executes three commands. The first downloads a public key from the online Pastebin service.

The second installs a tool called Global Socket Toolkit, designed to bypass firewalls, and uses the downloaded key to encrypt a secret needed to connect to the backdoor. The third command then sends this encrypted secret to a private online location. This multi-stage process, along with using function wrappers on trusted modules, makes the malicious activity harder to detect.

****Links to Previous Pro-Ukraine Activity****

RL researchers found similarities between the dbgpkg backdoor and malware previously employed by the Phoenix Hyena hacktivist group, which has been active since 2022 and is known for targeting Russian entities.

This group typically steals and leaks confidential information on their Telegram channel “DumpForums.” One notable incident linked to this group was the alleged breach of the Russian cybersecurity firm Dr. Web in September 2024.

Another similarity was an earlier malicious package involved in the same campaign, discordpydebug (discovered in early May by Socket), which had the same backdoor as an earlier version of dbgpkg. Discordpydebug, posing as a debugging tool for Discord bot developers, was uploaded shortly after Russia invaded Ukraine in March 2022. Another package, requestsdev, also part of this campaign and uploaded by the same likely impersonated author (\[email protected\], mimicking popular developer Cory Benfield), contained the same malicious payload.

However, RL researchers couldn’t definitively attribute this campaign to Phoenix Hyena based on backdooring techniques as it could be a copycat’s work too. Nevertheless, the timeline of related malicious packages suggests a politically motivated operation by a persistent threat actor.

“And, with a campaign driven by geopolitical tensions and the continuing hostility between Russia and Ukraine, RL researchers believe that more malicious packages are almost certain to be created as part of this campaign,” researchers concluded.

Pro-Ukraine Group Targets Russian Developers with Python Backdoor

How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers.

Tag

#backdoor