
Security alert: malicious packages detected on PyPI

Prevention measures and security awareness in response to the cyber threat on PyPI

ESET has discovered 116 malicious packages on PyPI that could install malware and infostealers to steal data and cryptocurrencies. Developers need to be careful and check the code.

Cyber security is once again under threat following a recent discovery by ESET: as many as 116 malicious packages were found in PyPI, the official repository for Python software packages. Data indicates that these packages have been downloaded more than 10,000 times since May 2023. The identified threats can target both Windows and Linux operating systems thanks to a versatile backdoor.

The danger of infostealers

The techniques attackers use to poison packages include a particular script called "test.py". The goals of these operations are clear: to infiltrate the victim's system and install an infostealer on it. These malicious tools can execute remote commands, steal sensitive information, and even take screenshots. Unlike other attacks, this threat uses Python on Windows and the Go language on Linux to maximize the effectiveness of the backdoor.

Thefts targeting cryptocurrencies

In addition to remote access software, the same packages compromise security through the W4SP Stealer or a Clipper-type tool. This malware monitors the user's clipboard with the intent of intercepting cryptocurrency transactions. When the user copies a wallet address, the malicious software replaces it with an address controlled by the attacker, diverting the funds.

Risks and precautions for developers

The phenomenon of malicious packages is nothing new to the Python community. Similar incidents have occurred in the past, including 5 packages intercepted at the end of January and other, even earlier cases. These ongoing breaches of the Python ecosystem call attention to the need for developers to thoroughly verify code from external sources before integrating it into their systems, to prevent theft of sensitive data and digital currency.
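One way to act on this advice, as an added example that is not from the article or from ESET: a static pre-install audit that reads a source archive without running it and flags a bundled test.py plus imports and calls matching the behaviours described above (remote command execution, clipboard access). The heuristic lists, the function names and the sample archive are assumptions constructed for illustration.

```python
import ast, io, tarfile

# Heuristics picked for this example (assumptions, not ESET's detection rules).
RISKY_CALLS = {"exec", "eval", "compile", "__import__"}
RISKY_MODULES = {"subprocess", "socket", "ctypes", "pyperclip", "win32clipboard"}

def audit_source(path, source):
    """Return (path, line, reason) findings for one file; the code is parsed, never run."""
    findings = []
    if path.rsplit("/", 1)[-1] == "test.py":
        findings.append((path, 0, "bundled test.py script"))
    try:
        tree = ast.parse(source, filename=path)
    except SyntaxError as err:
        return findings + [(path, err.lineno or 0, "unparseable source")]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and getattr(node.func, "id", None) in RISKY_CALLS:
            findings.append((path, node.lineno, f"call to {node.func.id}()"))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            names = ([a.name for a in node.names] if isinstance(node, ast.Import)
                     else [node.module or ""])
            for name in names:
                if name.split(".")[0] in RISKY_MODULES:
                    findings.append((path, node.lineno, f"imports {name}"))
    return findings

def audit_sdist(fileobj):
    """Audit each .py member of a .tar.gz sdist in memory; nothing is extracted to disk."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.endswith(".py"):
                source = tar.extractfile(member).read().decode("utf-8", "replace")
                findings += audit_source(member.name, source)
    return sorted(findings)

def build_sample_sdist():
    """Constructed, harmless archive: one clean module and one flagged test.py."""
    files = {"demo-0.1/demo/__init__.py": "def add(a, b):\n    return a + b\n",
             "demo-0.1/demo/test.py": "import subprocess\nimport pyperclip\nexec('pass')\n"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(*audit_sdist(build_sample_sdist()), sep="\n")
```

Findings are leads for manual review rather than a verdict, since legitimate packages also import modules such as subprocess.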


01/10/2024 18:31

Marco Verro
