Python Package Index (PyPI) Repository Hit With "Imposter Packages" Carrying Malware

Python developers beware! There are 41 malicious packages on the Python Package Index (PyPI) repository posing as typosquatted variants of legitimate modules. The descriptions for these packages don't hint at their malicious intent. Some are disguised as real libraries and make flattering comparisons between their capabilities and those of known, legitimate HTTP libraries. In reality, they either harbor downloaders that act as a conduit to deliver second-stage malware to infected hosts or information stealers that are designed to exfiltrate sensitive data such as passwords and tokens.

If you're a Python developer, be sure to check the package names carefully before downloading anything from PyPI. And, as always, keep your system and software up to date.
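One concrete way to apply that advice, as an added example that is not part of the original article: a small Python check that flags entries in a requirements file whose names closely resemble, but do not exactly match, a project's trusted dependency list. The trusted list, the sample requirements and the similarity threshold are constructed assumptions for illustration.

```python
"""Flag requirement entries that look like typosquats of trusted packages.

Added defensive example, not from the original article. The allowlist and
the sample requirements below are constructed for illustration.
"""
import re
from difflib import SequenceMatcher

# Constructed allowlist of packages this project is expected to depend on.
TRUSTED = {"requests", "urllib3", "httpx", "aiohttp", "numpy", "pandas"}

# Constructed sample requirements file; three entries mimic legitimate names.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
reqeusts
urlib3>=1.26
http-x
numpy
pandas>=2.0
"""

def normalize(name: str) -> str:
    """Apply PEP 503 name normalization: lowercase, collapse -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line: str) -> str:
    """Extract the bare project name from a requirements-file line."""
    return re.split(r"[<>=!~\[; ]", line.strip(), maxsplit=1)[0]

def closest_trusted(name: str) -> tuple[str, float]:
    """Return the most similar trusted name and its similarity ratio (0..1)."""
    norm = normalize(name)
    best = max(TRUSTED, key=lambda t: SequenceMatcher(None, norm, normalize(t)).ratio())
    return best, SequenceMatcher(None, norm, normalize(best)).ratio()

def find_suspects(requirements: str, threshold: float = 0.8) -> dict[str, str]:
    """Map each requirement that is close to, but not equal to, a trusted
    name onto the trusted name it resembles; exact matches are ignored."""
    trusted_norm = {normalize(t) for t in TRUSTED}
    suspects = {}
    for line in requirements.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name = requirement_name(line)
        if normalize(name) in trusted_norm:
            continue
        best, score = closest_trusted(name)
        if score >= threshold:
            suspects[name] = best
    return suspects

if __name__ == "__main__":
    for bad, good in find_suspects(SAMPLE_REQUIREMENTS).items():
        print(f"{bad!r} resembles trusted package {good!r}")
```

Exact matches to the allowlist pass silently, so the check only surfaces near-misses for a human to review before installation.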


