PyPI

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Feb 23, 2023 by iHash Leave a Comment

Feb 23, 2023Ravie LakshmananSoftware Security / Supply Chain Attack Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The … [Read more...] about Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

Jan 17, 2023 by iHash Leave a Comment

Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by … [Read more...] about Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Dec 24, 2022 by iHash Leave a Comment

Dec 24, 2022Ravie LakshmananSoftware Security / Supply Chain Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf … [Read more...] about W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Nov 5, 2022 by iHash Leave a Comment

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," … [Read more...] about Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Nov 19, 2021 by iHash Leave a Comment

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following … [Read more...] about 11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Several Malicious Typosquatted Python Libraries Found On PyPI Repository

Jul 30, 2021 by iHash Leave a Comment

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automated security controls in public software repositories allow even inexperienced … [Read more...] about Several Malicious Typosquatted Python Libraries Found On PyPI Repository

CleanMyMac One-Time Purchase: Lifetime License for $62

UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29

Wordela Vocabulary Mastery: Lifetime Subscription for $39

Apple Watch Series SE 2nd Gen (2022) Aluminum with Silicone Band – 44mm/Starlight (Refurbished Grade A: GPS + Cellular) for $273

Scribbyo AI: Lifetime Subscription for $49