More PyPI packages stealing data have been discovered

Five new malicious PyPI packages were recently discovered distributing infostealers


Cybercriminals have once again managed to smuggle a couple of malicious packages into the Python Package Index (PyPI), putting both Python developers and users at risk of data theft.

The packages were discovered by cybersecurity researchers from Fortinet, who uncovered five separate entities totaling just above 600 downloads.

The packages are called “3m-promo-gen-api”, “Ai-Solver-gen”, “hypixel-coins”, “httpxrequesterv2”, and “httpxrequester”, and seem to have been uploaded on January 27, being available for download for roughly two days before being removed.
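As an added example (not code from Fortinet or from the original article), the following script checks requirements-file lines for the five package names reported above. It compares names after PEP 503 normalization, because pip treats case and separator variants of a name as the same project; the sample requirements lines and the function names are constructed for illustration.

```python
import re

# Package names as reported in the article above.
REPORTED = ["3m-promo-gen-api", "Ai-Solver-gen", "hypixel-coins",
            "httpxrequesterv2", "httpxrequester"]

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

BLOCKLIST = {normalize(n) for n in REPORTED}

# Leading project name of a requirement line, before extras, versions or markers.
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def find_reported(lines):
    """Return (line_number, normalized_name) for each line naming a reported package."""
    hits = []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line or line.startswith("-"):   # skip blanks and pip options (-r, -e, ...)
            continue
        m = _NAME.match(line)
        if m and normalize(m.group(1)) in BLOCKLIST:
            hits.append((lineno, normalize(m.group(1))))
    return hits

# Constructed sample requirements file (not taken from any real project).
SAMPLE = """\
requests==2.28.2
AI_Solver.gen>=1.0      # same project name after normalization
httpxrequester[socks]==0.1 ; python_version >= "3.8"
httpx==0.23.3
# hypixel-coins  (commented out, so not a dependency)
-r dev-requirements.txt
3M-Promo-Gen-API
""".splitlines()

if __name__ == "__main__":
    for lineno, name in find_reported(SAMPLE):
        print(f"line {lineno}: {name} is one of the packages reported removed from PyPI")
```

The same `find_reported` function can be fed the output of `pip freeze` to check an existing environment.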

Stealing sensitive data

The packages were designed to steal all sorts of sensitive information, including passwords saved in Chrome, Opera, Edge, Brave, and other browsers, authentication cookies for Discord, and wallet data for the Atomic Wallet and Exodus cryptocurrency wallets. Furthermore, the packages targeted a number of websites in search of sensitive information, including Coinbase, Gmail, PayPal, eBay, and others.

The packages also look for certain keywords relating to banking, passwords, multi-factor authentication (MFA), and other sensitive information. If matches are found, the data is stolen using the “transfer.sh” file transfer service.


While Fortinet’s researchers weren’t able to link the malicious packages to any existing infostealers, BleepingComputer claims that the attackers were actually distributing the W4SP stealer. This infostealer has allegedly become “heavily abused” in PyPI packages, the publication claims. Some of the keywords were in French, leading the researchers to believe that the attackers were of French origin.

PyPI is arguably the world’s most popular Python package repository, hosting more than 200,000 packages that developers can use to speed up their development process. As such, it’s a major target for cybercriminals, and news of infostealers being discovered in Python packages has been getting more frequent.


Most of the time, the attackers would impersonate a legitimate package, hoping that the developers would be too distracted, or lazy, to double-check the authenticity of the code they’re grabbing.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
