Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Lazarus Group used PondRAT, ThemeForestRAT, and RemotePE in a 2024 DeFi attack, likely via Chrome zero-day.

The Hacker News
"Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT" published by PolySwarm. #LabyrinthChollima, #PondRAT, #POOLRAT, #PyPI, #DPRK, #CTI https://blog.polyswarm.io/labyrinth-chollima-using-poisoned-python-packages-to-deliver-pondrat
Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT

North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.

New PondRAT Malware Hidden in Python Packages Targets Software Developers

North Korean hackers use poisoned Python packages from PyPI to spread PondRAT malware, targeting developers in a supply chain attack.

The Hacker News
🔍 A backdoor hidden in Python packages is hitting developers! 🖥️ PondRat is the latest threat to development environments. Stay secure. #PondRat #Python #CyberThreat https://www.defensorum.com/pondrat-backdoor-hidden-in-python-packages-hits-developers/
PondRAT Backdoor Hidden in Python Packages Hits Developers - Defensorum

Researchers at Unit 42 have uncovered a new campaign that involves the delivery of Linux and macOS backdoors through poisoned Python packages. These packages are uploaded to the popular PyPI repository, and have been linked to a North Korean-affiliated group called Gleaming Pisces. The campaign, named PondRAT, has shown the threat actor’s ability to affect ...

Defensorum

Developers, beware! Poisoned #Python packages are being used by North Korean attackers to spread #PondRAT malware, compromising both #Linux and macOS systems.

https://thehackernews.com/2024/09/new-pondrat-malware-hidden-in-python.html #cybersecurity #coding #hacking

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages.

Security Affairs
Python Packages Infected with New PondRAT Malware Targeting Software Developers
Are you a software developer who relies on Python packages for your projects? Well, buckle up because there's a new malware in town targeting Python packages, and it's called PondRAT. Palo Alto Networks Unit 42 recently...
#PythonPackages #PondRAT #MalwareAlert #SoftwareSecurity #CyberThreats #DeveloperSafety #MalwareProtection #CodeSecurity #TechNews #CyberAwareness #news #tech
https://cloudhosting.evostrix.eu/python-packages-infected-with-new-pondrat-malware-targeting-software-developers/

Evo Cloud
"Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors" published by PaloaltoNetworks. #GleamingPisces, #PondRAT, #PyPI, #DPRK, #CTI https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.

Unit 42
Threat Assessment: North Korean Threat Groups

Explore Unit 42's review of North Korean APT groups and their impact, detailing the top 10 malware and tools we've seen from these threat actors.

Unit 42