27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts


For almost six months, an unidentified threat actor has been uploading typosquat packages to the Python Package Index (PyPI) repository in order to distribute malware that establishes persistence, steals confidential information, and accesses cryptocurrency wallets for financial gain. As reported by Checkmarx in a recent investigation, the 27 packages garnered thousands of downloads by disguising themselves as well-known, legitimate Python libraries. Most of the downloads came from the United States, China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the United Kingdom, and Japan.
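To illustrate the defensive side of the typosquatting described above, here is an added example (written for this page, not code from Checkmarx or PyPI) that audits a requirements.txt against a constructed allowlist of well-known names and flags any entry within one insertion, deletion, substitution, or adjacent swap of a legitimate package, or that is a legitimate name with a "python-"/"py-" style affix added. The allowlist and affix list are assumptions; a real deployment would load an approved-packages list.

```python
import re
from typing import Dict, Iterable, Optional

# Constructed allowlist (assumption: in practice, load an approved-packages list).
KNOWN_PACKAGES = {"requests", "numpy", "pandas", "urllib3", "pillow", "colorama", "django", "flask"}
AFFIXES = ("python-", "py-", "-python", "-py")  # often tacked onto a real name

def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 name normalization

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [list(range(len(b) + 1))] + [[i] + [0] * len(b) for i in range(1, len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def strip_affix(name: str) -> str:
    for affix in AFFIXES:
        if affix.endswith("-") and name.startswith(affix) and len(name) > len(affix):
            return name[len(affix):]
        if affix.startswith("-") and name.endswith(affix) and len(name) > len(affix):
            return name[:-len(affix)]
    return name

def lookalike(name: str, known=KNOWN_PACKAGES, max_distance: int = 1) -> Optional[str]:
    """Known package this name imitates, or None if it is exact or unrelated."""
    n = normalize(name)
    if n in known:
        return None
    stripped = strip_affix(n)
    if stripped in known:  # e.g. 'python-colorama' -> 'colorama'
        return stripped
    dist, best = min((osa_distance(n, k), k) for k in known)
    return best if dist <= max_distance else None

def requirement_name(line: str) -> Optional[str]:
    line = line.split("#", 1)[0].strip()  # drop comments; the regex stops at specifiers
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line) if not line.startswith("-") else None
    return m.group(0) if m else None

def audit_requirements(lines: Iterable[str]) -> Dict[str, str]:
    """Map each suspicious requested name to the legitimate package it resembles."""
    names = filter(None, map(requirement_name, lines))
    return {n: hit for n in names if (hit := lookalike(n))}
```

Names that are flagged should be reviewed against the package's PyPI history before being installed; a legitimate project that genuinely uses an affixed name is resolved by adding it to the allowlist.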

“A defining characteristic of this attack was the utilization of steganography to hide a malicious payload within an innocent-looking image file, which increased the stealthiness of the attack,” the software supply chain security company said.

