Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
February 23, 2024 at 12:45PM A dormant package on PyPI, django-log-tracker, was updated after two years to introduce the Nova Sentinel information stealer malware. The update, detected on Feb 21, 2024, suggests a compromise of the PyPI account. The malicious update contained an executable file for the malware. The attack was an attempted supply-chain attack … Read more