PyPI

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Aug 11, 2024 by iHash Leave a Comment

Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply … [Read more...] about Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Jul 27, 2024 by iHash Leave a Comment

Jul 27, 2024NewsroomCybersecurity / Cloud Security Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It … [Read more...] about Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

These PyPI Python Packages Can Drain Your Crypto Wallets

Mar 12, 2024 by iHash Leave a Comment

Mar 12, 2024The Hacker NewsCryptocurrency / Cybercrime Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were … [Read more...] about These PyPI Python Packages Can Drain Your Crypto Wallets

BlazeStealer Malware Discovered in Python Packages on PyPI

Nov 8, 2023 by iHash Leave a Comment

Nov 08, 2023NewsroomSupply Chain / Software Security A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, … [Read more...] about BlazeStealer Malware Discovered in Python Packages on PyPI

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Feb 23, 2023 by iHash Leave a Comment

Feb 23, 2023Ravie LakshmananSoftware Security / Supply Chain Attack Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The … [Read more...] about Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

Jan 17, 2023 by iHash Leave a Comment

Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) – by … [Read more...] about Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Dec 24, 2022 by iHash Leave a Comment

Dec 24, 2022Ravie LakshmananSoftware Security / Supply Chain Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade Stealer, Leaf … [Read more...] about W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Nov 5, 2022 by iHash Leave a Comment

Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," … [Read more...] about Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Nov 19, 2021 by iHash Leave a Comment

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following … [Read more...] about 11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Several Malicious Typosquatted Python Libraries Found On PyPI Repository

Jul 30, 2021 by iHash Leave a Comment

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automated security controls in public software repositories allow even inexperienced … [Read more...] about Several Malicious Typosquatted Python Libraries Found On PyPI Repository

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54