Researchers have identified a popular open source package that may be hiding industrial espionage malware.
“SqzrFramework480” is a .NET dynamic link library (DLL) that seems to pertain to Bozhon Precision Industry Technology Co., a Chinese manufacturer of consumer electronics and various industrial technologies. The file’s stated functions include managing and creating graphical user interfaces (GUIs), initializing and configuring machine vision libraries, adjusting robotic movement settings, and more. It was uploaded to the NuGet open source repository on Jan. 24 and already has 3,000 downloads as of this writing.
It may, in the end, be no more than what it says it is. But researchers from ReversingLabs flagged SqzrFramework480 as suspicious in a new report, thanks to a method buried inside that appears to do rather malicious things: capturing screenshots, opening a socket, and exfiltrating data to a concealed IP address.
Is SqzrFramework480 an OT Backdoor?
Software developed by…