AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Middle East Low Code No Code Summit TimeAI Summit

Security alert: malicious packets detected on PyPI

Prevention measures and security awareness in response to the cyber threat on PyPI

ESET has discovered 116 malicious packages on PyPI that could install malware and infostealers to steal data and cryptocurrencies. Developers need to be careful and check the code.

Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.

This pill is also available in Italian language

Cyber security is once again under attack with a recent discovery by ESET: as many as 116 malicious packages were found inside PyPI, the official repository for Python software packages. Data indicates that these packages have compromised more than 10,000 downloads since May 2023. The identified threats are capable of targeting Windows and Linux operating systems thanks to a versatile backdoor.

The danger of infostealers

Techniques employed by hackers to pollute packages include the use of a particular script called "test.py". The goals of these illicit maneuvers are clear: to infiltrate the victim's system and install an infostealer there. These malicious tools can execute remote commands, steal sensitive information, and even take screenshots. Unlike other attacks, this threat uses Python on Windows and the Go language on Linux to maximize the effectiveness of the backdoor.

Thefts targeting cryptocurrencies

In addition to remote access software, the same packages compromise security through the W4SP Stealer or a Clipper-type tool. These malware monitor users' clipboards, with the intent of intercepting cryptocurrency transactions. In fact, when the user copies a wallet address, the malicious software replaces this information with the address controlled by the attacker, diverting the funds.

Risks and precautions for developers

The phenomenon of malicious packages is nothing new to the Python community. Similar incidents have occurred in the past, including 5 packets intercepted at the end of January and other even earlier phenomena. These ongoing breaches of the Python ecosystem call attention to the need for developers to thoroughly verify code from external sources before implementing it into their systems to prevent theft of sensitive data and digital currency.

Follow us on Threads for more pills like this

01/10/2024 18:31

Editorial AI

Last pills

LockBit's response to FBI actionsLockBit's technological revenge: post-attack updates and awareness

LockBit's tenacious activity despite global investigationsChallenges and countermeasures in the war against the LockBit cyber criminal group

Avast fined for illegitimate sale of web dataFines and restrictions imposed on cybersecurity company for misuse of personal data

KeyTrap: DNSSEC flaw discovered by researchersThe vulnerability puts the stability of DNSSEC at risk