Malicious PyPI Packages Surface, Attack Discord and Roblox


About PyPI Packages

Ten malicious software packages were found in the Python Package Index (PyPI) repository, and a week later many more have surfaced, discovered by different security firms.

It has become a kind of whack-a-mole drill: malicious code is taken down only for more to take its place. In last week's disclosure, Check Point researchers reported Trojanized packages imitating legitimate components; they contained droppers for data-stealing malware.

This prompted Kaspersky researchers to investigate the open source repository further, which turned up two more rogue packages, "pyrequests" and "ultrarequests", both imitations of one of the most popular packages on PyPI, "requests".

How did the attack happen?

Check Point says: "Pypi has over 612,240 active users, working on 391,325 projects, with 3,664,724 releases. What many users are not aware is the fact that this one liner simple command can put them at an elevated risk. The pip install command triggers a package installation which can include a setup.py script."

The threat actor copied the description of the legitimate "requests" package to fool victims into downloading the harmful ones. The description includes faked statistics, claiming the package was installed more than 230 million times in a month and had more than 48,000 stars on GitHub.
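Two defensive checks follow from the two points above: a name that closely resembles a popular package (as "pyrequests" and "ultrarequests" resemble "requests") deserves scrutiny before `pip install`, and a setup.py that overrides the install command runs code at install time. The script below is an added example written for this article, not code from Check Point, Kaspersky or the PyPI project; the list of popular package names and the sample setup.py are constructed here for illustration, and the similarity cutoff is an assumed heuristic, not a published threshold.

```python
import ast
import difflib

# Constructed, abbreviated list of widely used PyPI package names (assumption:
# a real deployment would pull a current top-N list from PyPI download stats).
POPULAR_PACKAGES = ["requests", "urllib3", "numpy", "pandas", "setuptools", "certifi", "idna"]


def typosquat_candidates(name, popular=POPULAR_PACKAGES, cutoff=0.8):
    """Return popular package names that `name` closely resembles without matching.

    Two heuristics: a difflib similarity ratio at or above `cutoff`, or a popular
    name embedded in `name` with only a short prefix/suffix added (pyrequests,
    ultrarequests). The cutoff and the 6-character slack are assumed values.
    """
    name = name.lower()
    if name in popular:
        return []
    hits = []
    for candidate in popular:
        ratio = difflib.SequenceMatcher(None, name, candidate).ratio()
        wrapped = candidate in name and len(name) - len(candidate) <= 6
        if ratio >= cutoff or wrapped:
            hits.append(candidate)
    return hits


def setup_py_install_hooks(source):
    """Return the setuptools command names a setup.py overrides via `cmdclass`.

    An override of "install" (or "develop") means the package runs its own code
    when `pip install` builds it, which is the install-time execution path the
    article's quoted passage refers to. Parsing with `ast` avoids executing it.
    """
    tree = ast.parse(source)
    overridden = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and getattr(node.func, "id", None) == "setup"):
            continue
        for kw in node.keywords:
            if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                for key in kw.value.keys:
                    if isinstance(key, ast.Constant) and isinstance(key.value, str):
                        overridden.append(key.value)
    return overridden


# Constructed sample setup.py modelled on the generic "custom install command" shape.
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        # custom install-time step would go here

setup(name="pyrequests", version="1.0", cmdclass={"install": PostInstall})
'''


def review_package(name, setup_source):
    """Combine both checks into a short, human-readable verdict."""
    findings = []
    lookalikes = typosquat_candidates(name)
    if lookalikes:
        findings.append(f"name resembles popular package(s): {', '.join(lookalikes)}")
    hooks = setup_py_install_hooks(setup_source)
    if hooks:
        findings.append(f"setup.py overrides command(s): {', '.join(hooks)}")
    return findings


if __name__ == "__main__":
    for pkg in ("pyrequests", "ultrarequests", "requests"):
        print(pkg, "->", review_package(pkg, SAMPLE_SETUP_PY) or ["no findings"])
```

Run it on a requirements file's entries before installing, or wire it into a pre-merge check; a hit on either heuristic is a prompt to read the package page and its setup.py, not proof of malice, since legitimate projects also subclass `install`.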

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
