October 4, 2023

Researchers have spotted numerous malicious packages on PyPI, the primary Python package index used by Python developers.

The first of them was Ascii2text, a malicious package that mimicked the popular art package by name and description. Ascii2text would work by downloading a script that gathered passwords stored in web browsers like Google Chrome, Microsoft Edge, Brave, Opera, and Yandex Browser.

Advertisements

In its advisory, it has mentioned Pyg-utils, Pymocks and PyProto2, three separate packages with the common goal of stealing users’ AWS credentials. The Test-async and Zlibsrc libraries also appear in the report. According to Check Point, both would download and execute potentially malicious code during installation.

An additional trio of malicious packages is mentioned by Check Point: Free-net-vpn, Free-net-vpn2, and WINRPCexploit – all of which are capable of stealing user credentials and environment variables.

Browserdiv, is a malicious package whose aim was to steal installers’ credentials by collecting and sending them to a predefined Discord webhook also covered in the advisory

Researchers reportedly alerted PyPI via their official website. Following the disclosure, PyPI removed these packages.

Advertisements

To reduce the presence of malicious packages on PyPI, the repository’s team started enforcing MFA policy for projects categorized as “critical” in July.

This research was done and documented by Checkpoint researchers

Tags:

Leave a Reply

You may have missed

Looney Tunables Vulnerability affects Linux

October 4, 2023

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023
%d bloggers like this: