A recently discovered Python package on the Python Package Index (PyPI) cleverly impersonates the well-known 'requests' library to specifically target macOS devices using the Sliver Command and Control (C2) framework, commonly utilised for initial breaches into corporate networks.
Uncovered by Phylum, the attack sequence features multiple obfuscation techniques, including the use of steganography within a PNG image to discreetly install the Sliver payload on the targeted system.
At the time of writing, the harmful PyPI package has been taken down. However, its detection marks yet another example of the growing preference for Sliver among cybercriminals for remote corporate network access.
Sliver is a versatile, open-source adversarial framework applicable across Windows, macOS, and Linux. It's tailored for "red team" operations that mimic adversary activities to test network defenses.
Prominent capabilities of Sliver include generating custom implants, command and control (C2) functions, various post-exploitation tools, and extensive options for emulating attacks.
Initially adopted by hackers in 2022 as an alternative to the widely-used, but increasingly detectable, commercial pen-testing framework Cobalt Strike, Sliver has seen a rise in its utilization. SentinelOne researchers identified its deployment on macOS through a deceptive VPN application later that year.
By 2023, the use of Sliver in both Bring Your Own Vulnerable Driver (BYOVD) attacks and ransomware operations had visibly increased.
A joint cyber security advisory from CISA and the FBI in February 2024 further confirmed Sliver’s prominence as a frequent choice for attackers infiltrating networks via vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.
Targeting macOS with Sliver
In the latest instance reported by Phylum, the campaign begins with a malicious Python package for macOS called 'requests-darwin-lite,' posing as a harmless variant of the 'requests' library.
Hosted on PyPI, this package conceals Sliver's binary within a 17MB PNG file adorned with the Requests logo. When installed on a macOS system, a PyInstall class activates to decode a base64-encoded string and execute a command to fetch the system's UUID (Universal Unique Identifier).
The setup.py file, as reported, uses this UUID to confirm the intended target by matching it against a specific UUID. If confirmed, the embedded Go binary is extracted from a designated portion of the PNG file.
The extracted Sliver binary is then saved locally, with altered permissions to enable execution, and is stealthily launched in the background.
After Phylum alerted the PyPI team about the requests-darwin-lite package, it was promptly removed. While the problematic versions were 2.27.1 and 2.27.2, the following releases 2.28.0 and 2.28.1 lacked the malicious components and installation trigger, suggesting a temporary return to a non-malicious state to evade detection.
Phylum speculates this was a precision-targeted attack, notably because of the UUID check, implying that the attackers likely reverted the package to appear benign temporarily to minimise scrutiny.
Recently, another campaign known as SteganoAmor has been reported, employing steganography to embed malicious code within images, delivering various malware to targeted systems across multiple sectors and countries, illustrating a widespread threat landscape.
