Lazarus APT Group Spreads Comebacker Malware Through PyPI
The Lazarus attack group has distributed malicious Python packages on PyPI, the official Python package repository. These packages have names resembling legitimate packages like "pycrypto", often exploiting typos made by users during package installations to deploy malware. Successful installations led to systems being infected with the Comebacker downloader. Rundll32 was employed to load the downloader into memory. Once activated, Comebacker initiates an HTTP POST request to the command-and-control (C2) server, receiving a Windows executable file in response.