27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

For almost six months, an unidentified threat actor has been seen uploading typosquat packages to the Python Package Index (PyPI) repository with the intention of distributing malware that can become persistent, steal confidential information, and get access to cryptocurrency wallets for financial gain. As reported by Checkmarx in a recent investigation, the 27 packages garnered thousands of downloads by disguising themselves as well-known, authentic Python libraries. The countries from which most of the downloads came were the United States, China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the United Kingdom, and Japan.

“A defining characteristic of this attack was the utilization of steganography to hide a malicious payload within an innocent-looking image file, which increased the stealthiness of the attack,” the security company for software supply chains claimed.

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

17-Nov-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address