November 7, 2024 at 05:04AM A malicious package named “fabrice” on PyPI has stealthily stolen AWS credentials from developers for over three years, with over 37,100 downloads. It exploits trust in the legitimate library “fabric,” using various payloads to execute attacks on both Linux and Windows systems, facilitating credential theft. ### Meeting Takeaways – Nov … Read more
October 2, 2024 at 02:31AM Malicious packages posing as cryptocurrency wallet recovery services were found in the Python Package Index. They targeted users of prominent wallet services, offering utility functions while secretly stealing sensitive wallet data. The attack exploited open-source trust and dynamic malicious capabilities, highlighting the need for comprehensive security measures in the cryptocurrency … Read more
September 16, 2024 at 09:27AM A critical security flaw in Google Cloud Platform Composer, now patched, could have allowed remote code execution via a supply chain attack called dependency confusion. This could have led to a large-scale supply chain attack by tricking the package manager into downloading a malicious package. The issue was fixed by … Read more
July 27, 2024 at 02:00AM Cybersecurity researchers found a malicious package “lr-utils-lib” on the Python Package Index, targeting specific Apple macOS systems to steal Google Cloud credentials. It checks for macOS, compares UUID against hardcoded hashes, and harvests Google Cloud data. The captured info is sent to a remote server. Social engineering tactics suggest a … Read more
May 29, 2024 at 01:51PM Cybersecurity researchers have discovered a malicious Python package, “pytoileur,” in the Python Package Index repository, aiming to enable cryptocurrency theft. The package’s code executes a Base64-encoded payload to retrieve a Windows binary from an external server, establishing persistence and dropping spyware and data-stealing malware. This method signifies an unprecedented abuse … Read more
March 29, 2024 at 02:09AM The Python Package Index (PyPI) temporarily halted new user sign-ups due to an influx of malicious projects aimed at developers. Threat actors used typosquatting to upload deceptive versions of popular packages, targeting sensitive data and crypto wallets. Over 500 suspicious packages were uploaded within days, highlighting the increasing risk of … Read more
March 25, 2024 at 02:13PM The Top.gg Discord bot community, with over 170,000 members, has been targeted by a supply-chain attack aiming to deliver malware for data theft and monetization. The attacker used various tactics, including hijacking GitHub accounts and distributing malicious Python packages. This campaign compromised user data from various platforms, highlighting the risks … Read more
March 25, 2024 at 02:06PM A supply-chain attack has targeted the Top.gg Discord bot community of over 170,000 members, aiming to distribute malware for data theft and monetization. An attacker used various tactics, including hijacking accounts and creating fake Python packages, leading to compromised systems and data theft. This underscores the risks in the open-source … Read more
February 23, 2024 at 12:45PM A dormant package on PyPI, django-log-tracker, was updated after two years to introduce the Nova Sentinel information stealer malware. The update, detected on Feb 21, 2024, suggests a compromise of the PyPI account. The malicious update contained an executable file for the malware. The attack was an attempted supply-chain attack … Read more
February 21, 2024 at 04:27AM Cybersecurity researchers discovered two malicious Python packages on PyPI repository, NP6HelperHttptest and NP6HelperHttper, using DLL side-loading to evade detection by security software. These fake packages aimed to deceive developers into downloading rogue counterparts of legitimate ones. The malicious code included a remote access trojan and was part of a wider … Read more