‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. By re-registering a removed package with the same name, adversaries can pass off rogue packages as legitimate ones. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to …

PyPI package backdoors Macs using the Sliver pen-testing suite

May 13, 2024 at 05:58PM A new malicious Python package, ‘requests-darwin-lite’, mimicked the ‘requests’ library on PyPI to target macOS devices, deploying the Sliver C2 adversary framework with steganography in a PNG file. The campaign’s discovered steps involved executing the Sliver payload on targets. Despite its removal, the incident highlights Sliver’s increased use in breaching …