More PyPI packages hacked following phishing attack

Package maintainers gave away login credentials


Scammers have tricked PyPI Python package maintainers into giving away their login credentials, then used the passwords to log in and taint the packages with malware, experts have claimed.

The news was confirmed by Django project board member Adam Johnson, after he was attacked himself, with “hundreds” of packages being affected.

According to the report, an unknown threat actor sent out phishing emails to package maintainers, claiming they need to “validate” themselves, otherwise their packages would be removed from the platform. Johnson said clicking on the link in the email sent the targets to a “fairly convincing” phishing site.

Hundreds of tainted packages

Some maintainers fell for it, the report says, giving their login credentials to the fraudsters. They used that information to hijack “several hundreds” of packages, which were later removed from the platform, it was confirmed. Among other things, the malicious code exfiltrates the endpoint’s computer name to the domain linkedopports[.]com and downloads a trojan.

“We’re actively reviewing reports of new malicious releases, and ensuring that they are removed and the maintainer accounts restored,” says PyPI. “We’re also working to provide security features like 2FA more prevalent across projects on PyPI.”


PyPI, the world’s largest Python code repository, with more than 600,000 active users, has been under a barrage of attacks lately. Less than a month ago, researchers found almost a dozen malicious packages, all “typosquats”. Typosquatting is a malware distribution technique in which the malicious package has a name almost identical to the authentic one, carrying only a small “typo”, which might trick developers into downloading and using that one, instead of the authentic one.

Just last week, another dozen malicious packages were discovered, whose goal was to steal sensitive data stored in browsers, install backdoors into the Discord client, steal authentication tokens, and payment data.


Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
