AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Security alert: malicious packets detected on PyPI

Prevention measures and security awareness in response to the cyber threat on PyPI

ESET has discovered 116 malicious packages on PyPI that could install malware and infostealers to steal data and cryptocurrencies. Developers need to be careful and check the code.

This pill is also available in Italian language

Cyber security is once again under attack with a recent discovery by ESET: as many as 116 malicious packages were found inside PyPI, the official repository for Python software packages. Data indicates that these packages have compromised more than 10,000 downloads since May 2023. The identified threats are capable of targeting Windows and Linux operating systems thanks to a versatile backdoor.

The danger of infostealers

Techniques employed by hackers to pollute packages include the use of a particular script called "test.py". The goals of these illicit maneuvers are clear: to infiltrate the victim's system and install an infostealer there. These malicious tools can execute remote commands, steal sensitive information, and even take screenshots. Unlike other attacks, this threat uses Python on Windows and the Go language on Linux to maximize the effectiveness of the backdoor.

Thefts targeting cryptocurrencies

In addition to remote access software, the same packages compromise security through the W4SP Stealer or a Clipper-type tool. These malware monitor users' clipboards, with the intent of intercepting cryptocurrency transactions. In fact, when the user copies a wallet address, the malicious software replaces this information with the address controlled by the attacker, diverting the funds.

Risks and precautions for developers

The phenomenon of malicious packages is nothing new to the Python community. Similar incidents have occurred in the past, including 5 packets intercepted at the end of January and other even earlier phenomena. These ongoing breaches of the Python ecosystem call attention to the need for developers to thoroughly verify code from external sources before implementing it into their systems to prevent theft of sensitive data and digital currency.

Follow us on Twitter for more pills like this

01/10/2024 18:31

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon