Over 10K downloads amassed by malicious PyPi packages

More than 10,000 Windows and Linux systems have been impacted by 116 malicious Python Package Index repository packages with custom malware since May, reports The Hacker News. Malicious code has been injected into the Python packages through a script, PowerShell insertion in the file, and integration into the file, to facilitate the distribution of malware with data exfiltration, remote command execution, and screenshot capturing capabilities, a report from ESET showed. "In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," said researchers, who urged Python developers to be vigilant of the codes they are about to download on their systems. Such findings come after an unspecified financial organization was reported by Phylum to have been targeted in attacks involving malicious NPM packages. "This decrypted payload contains an embedded binary that cleverly exfiltrates user credentials to a Microsoft Teams webhook that is internal to the target company in question," said Phylum.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.