Jamf protects against ‘pymafka’ malware

Security, Jamf Threat Labs

Sonatype researchers recently identified a supply chain attack leveraging a malicious Python package ‘PyMafka’ in the PyPI registry.

Threat: PyMafka

Affects: Sonatype researchers discovered a typosquatting attack imitating the legitimate ‘pykafka’ package repository, an Apache Kafka client for Python. The attacker’s intent is that developers would misspell the legitimate package name and download the malicious one ‘PyMafka’ instead. The malware then identifies the victim's platform (macOS, Windows and Linux) and downloads the respective Cobalt Strike payload.

Such attacks are not uncommon on macOS. Recently the CrateDepression malware leveraged a similar typosquatting technique hosting a malicious crate named ‘rustdecimal’ in an attempt to imitate the legitimate ‘rust_decimal' package.

Prevented by: Jamf Protect threat prevention blocks the execution of this malware.

Malicious URLs (as published by Sonatype):

In-the-Wild IPs 141.164.58.147 39.107.154.72

IoC's: SHA1 Hashes c41e5b1cad6c38c7aed504630a961e8c14bf4ba4 - PyMafka Python package d4059aeab42669b0824757ed85c019cd5036ffc4 - MacOs UPX packed 8df6339297d14b7a4d9cab1dfe1e5e3e8f9c6262 - MacOs unpacked 7de81331ab2638956d93b0874a0ac5c741394135 - setup.py script

Worried that malware might try to take a bite out of you and your macOS fleet? Take Jamf Protect for a spin!

Jamf de-fangs security threats, keeping your organization operating smoothly while keeping data safe.

Request Trial

Jamf Threat Labs

Jamf

Jamf Threat Labs is a global team of experienced threat researchers, cybersecurity experts and data scientists with skills that span penetration testing, network monitoring, malware research and app risk assessment. Jamf Threat Labs primarily monitors and explores emerging threats affecting Mac and mobile devices. The team’s research is published with the aim of raising awareness of specific threats while also improving awareness and advocacy of security practices to protect the modern workforce.

Previous Blog Post:
Prev
Jamf named a Unified Endpoint Management leader Blog Homepage
Next Blog Post:
Next
Engaging AR learning activities for the classroom and home

Related Resources

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

Email Address (Work)

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.

Jamf protects against ‘pymafka’ malware

Worried that malware might try to take a bite out of you and your macOS fleet? Take Jamf Protect for a spin!

Announcing Jamf Protect – Jamf’s endpoint security solution purpose-built for Mac

Jamf Protect overview