PyPI helps users locate and install software developed and released by the Python community as well as serving as a repository where developers can distribute their software.
Recently, cybersecurity firm ESET discovered a series of malicious Python projects on PyPI, each of which deployed a customized backdoor with cyberespionage functionality.
The backdoor could execute files, exfiltrate files and, in some variants, take screenshots of the victim's screen.
ESET also reported that, in some cases, the W4SP Stealer or a clipboard monitor that steals cryptocurrency is delivered instead. In total, 116 malicious packages in PyPI were uploaded across 53 projects and downloaded more than 10,000 times.
By the time ESET published its findings, PyPI had already removed most of the packages, and all known malicious packages are now offline.
The operators used three different techniques across the campaign: placing a "test" module containing minimal, lightly obfuscated malicious code inside the package; embedding PowerShell code in the setup.py file, which runs when the package is installed from source; and shipping a package that contains only lightly obfuscated malicious code and nothing else.
Given how widespread Python is, developers should vet any third-party code they use before adding it to their projects.
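As an added example (not code from the article, from ESET, or from PyPI), the script below turns the three packaging tricks described above into vetting heuristics for a source distribution: it parses every .py file in an sdist tarball with the ast module and flags install-time PowerShell launches, exec/eval calls fed by a decoder, long base64-looking literals, and any such code parked in a module named test. The package names (evilpkg, goodpkg), file contents and signature lists are constructed for this example; the sample "malicious" package is harmless and only prints.

```python
import ast
import base64
import io
import re
import tarfile

# Heuristic signatures for the three packaging tricks described above. They are
# written for this example and are not ESET's own detection logic.
POWERSHELL_RE = re.compile(r"powershell(\.exe)?", re.IGNORECASE)
SHELL_CALLS = {"system", "popen", "Popen", "run", "call", "check_call", "check_output"}
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
DECODERS = {"b64decode", "b32decode", "b85decode", "a85decode", "unhexlify", "decompress"}
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def _callee(node):
    """Dotted callee of an ast.Call, e.g. 'subprocess.run' or 'exec'; '' if dynamic."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _strings(node):
    """Yield every string literal under an AST node."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            yield sub.value


def scan_source(path, source):
    """Return a list of findings for one Python file taken from the sdist."""
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return [f"{path}: does not parse (heavily obfuscated or not Python)"]
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        callee = _callee(node)
        short = callee.rsplit(".", 1)[-1]
        # Trick 2: setup.py (or any module) spawning PowerShell at install time
        if short in SHELL_CALLS and any(POWERSHELL_RE.search(s) for s in _strings(node)):
            findings.append(f"{path}: PowerShell launched via {callee}()")
        # Tricks 1 and 3: a decoded blob handed straight to exec/eval/compile
        inner = (c for c in ast.walk(node) if isinstance(c, ast.Call) and c is not node)
        if short in DYNAMIC_EXEC and any(_callee(c).rsplit(".", 1)[-1] in DECODERS for c in inner):
            findings.append(f"{path}: {callee}() fed by a decoder (obfuscated payload)")
    for s in _strings(tree):
        if LONG_B64.fullmatch(s):
            findings.append(f"{path}: {len(s)}-char base64-looking literal")
            break
    return findings


def scan_sdist(data):
    """Scan every .py file in a .tar.gz sdist; return {path: [findings]} for flagged files."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            if not m.isfile() or not m.name.endswith(".py"):
                continue
            source = tar.extractfile(m).read().decode("utf-8", "replace")
            findings = scan_source(m.name, source)
            # Trick 1: suspicious code parked in a module named test*
            if findings and m.name.rsplit("/", 1)[-1].startswith("test"):
                findings.append(f"{m.name}: suspicious code lives in a 'test' module")
            if findings:
                report[m.name] = findings
    return report


def build_sdist(files):
    """Pack {path: source} into an in-memory .tar.gz shaped like an sdist (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample packages: the "malicious" one is harmless (it only prints)
# but uses the same three packaging tricks described in the article.
_PAYLOAD = base64.b64encode(b"# " + b"A" * 180 + b"\nprint('payload ran')\n").decode()
MALICIOUS_FILES = {
    "evilpkg-1.0/setup.py": (
        "import subprocess\nfrom setuptools import setup\n"
        "subprocess.run(['powershell.exe', '-ep', 'bypass', '-c', 'Write-Host hi'])\n"
        "setup(name='evilpkg', version='1.0', packages=['evilpkg'])\n"
    ),
    "evilpkg-1.0/evilpkg/__init__.py": "from . import test\n",
    "evilpkg-1.0/evilpkg/test.py": f"import base64\nexec(base64.b64decode('{_PAYLOAD}'))\n",
    "evilpkg-1.0/evilpkg/core.py": "def add(a, b):\n    return a + b\n",
}
CLEAN_FILES = {
    "goodpkg-1.0/setup.py": "from setuptools import setup\nsetup(name='goodpkg', version='1.0')\n",
    "goodpkg-1.0/goodpkg/__init__.py": "def add(a, b):\n    return a + b\n",
}

if __name__ == "__main__":
    for hits in scan_sdist(build_sdist(MALICIOUS_FILES)).values():
        print("\n".join(hits))
    print("clean package findings:", scan_sdist(build_sdist(CLEAN_FILES)))
```

To vet a real package, fetch its source distribution without installing it (`pip download --no-deps --no-binary :all: <name>`) and pass the downloaded tarball's bytes to scan_sdist. The heuristics deliberately err on the side of noise: legitimate packages also decode base64 and run subprocesses, so a finding is a prompt for manual review of that file, not grounds for automatic blocking.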
ESET firmly believes the abuse of PyPI will continue.
This Cyber News was published on www.zdnet.com. Publication date: Wed, 03 Jan 2024 18:13:05 +0000