Beware: Official Python repository found to contain malicious projects

Posted on January 3, 2024 by admin

PyPI is the official Python Package Index and, at the time of writing, hosts 500,972 projects, 5,228,535 releases, 9,950,103 files, and 770,841 users. PyPI helps users locate and install software developed and released by the Python community and serves as the repository through which developers distribute their software.

Recently, the cybersecurity company ESET discovered a series of malicious Python projects on PyPI, each of which deployed a customized backdoor with cyberespionage functionality. The malicious code allowed file execution, file exfiltration and, in certain scenarios, taking screenshots of the victim's screen; in some cases it also delivered the W4SP Stealer or a clipboard monitor that steals cryptocurrency. ESET counted 116 malicious packages uploaded under 53 project names, with over 10,000 downloads recorded.

According to ESET researcher Marc-Etienne M. Léveillé, “Some malicious package names do look similar to other, legitimate packages, but we believe the main way they are installed by potential victims isn’t via typosquatting, but social engineering, where they are walked through running pip to install an ‘interesting’ package for whatever reason.”

In his blog post “A pernicious potpourri of Python packages in PyPI,” M. Léveillé said, “PyPI continues to be abused by cyber attackers to compromise Python programmers’ devices.” He continues, “This campaign displays a variety of techniques being used to include malware in Python packages. Python developers should thoroughly vet the code they download, especially checking for these techniques, before installing it on their systems. As well as continuing to abuse the open-source W4SP Stealer, the operators have also deployed a simple, but effective, backdoor.
We expect that such abuse of PyPI will continue and advise caution when installing code from any public software repository.”

By the time ESET published its findings, most of the packages had already been taken down by PyPI, and all known malicious packages are now offline.

The operators used three different techniques to plant the malware: adding a “test” module with minimal, slightly obfuscated malicious code to an otherwise ordinary package; embedding PowerShell code in the setup.py file, which runs at install time; and shipping a package that consists only of slightly obfuscated malicious code. On Windows, the backdoor was implemented in Python; on Linux, it was written in Go.

Given how widely Python is used, developers should vet any third-party code before adding it to their projects. ESET firmly believes the abuse of PyPI will continue, and M. Léveillé went as far as advising caution in “installing code from any public software repo.”
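The vetting M. Léveillé recommends can be partly automated. The script below is an added example written for this page by the editor, not ESET's tooling and not anything from PyPI; it audits an extracted source distribution for the two install-time techniques described above (code execution or process spawning inside setup.py, such as a PowerShell launch, and obfuscated code hidden in a side module such as a "test" module). The indicator lists are the editor's own heuristics, and the two sample packages are constructed here for the demonstration; they are not the real packages ESET found.

```python
"""Pre-install audit of an extracted Python sdist for install-time code
execution and obfuscated side modules.  Added example for this page; the
indicator lists and the sample packages are the editor's own assumptions."""
import ast
import base64
import re
import tempfile
from pathlib import Path

# Calls that execute code or spawn processes.  A well-behaved setup.py only
# declares metadata, so any of these at install time deserves a close look.
EXEC_CALLS = {"exec", "eval", "compile", "__import__"}
SHELL_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
               "subprocess.call", "subprocess.check_output"}
SHELL_KEYWORDS = re.compile(r"powershell|cmd\.exe|/bin/sh|\bcurl\b|\bwget\b", re.I)
# A long run of base64 alphabet characters is a cheap obfuscation indicator.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")


def _callee(node):
    """Return 'mod.func' or 'func' for a Call node, or None if not simple."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def audit_file(path):
    """Return (indicator, line) findings for one Python source file."""
    findings = []
    try:
        tree = ast.parse(path.read_text(encoding="utf-8", errors="replace"))
    except SyntaxError:
        return [("unparseable python source", 0)]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _callee(node)
            if name in EXEC_CALLS:
                findings.append((f"dynamic code execution: {name}", node.lineno))
            elif name in SHELL_CALLS:
                findings.append((f"process spawn: {name}", node.lineno))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if SHELL_KEYWORDS.search(node.value):
                findings.append(("shell command string", node.lineno))
            if B64_BLOB.search(node.value):
                findings.append(("long base64-like literal", node.lineno))
    return findings


def audit_package(root):
    """Audit every .py file under an extracted sdist.  Findings in setup.py
    are the most serious: that file runs with the user's privileges during
    'pip install', before any of the package's code is ever imported."""
    root = Path(root)
    report = {}
    for py in sorted(root.rglob("*.py")):
        hits = audit_file(py)
        if hits:
            report[py.relative_to(root).as_posix()] = hits
    return report


def write_package(files):
    """Materialise {relative path: source} into a fresh temp directory."""
    root = Path(tempfile.mkdtemp())
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text, encoding="utf-8")
    return root


# Constructed samples (the editor's own, not the real packages ESET found):
# one package using two of the three techniques, and one that is clean.
MALICIOUS = {
    "setup.py": (
        "from setuptools import setup\n"
        "import subprocess\n"
        "subprocess.Popen(['powershell', '-w', 'hidden', '-c', 'Write-Host x'])\n"
        "setup(name='useful-tool', version='0.1')\n"
    ),
    "useful_tool/__init__.py": "def add(a, b):\n    return a + b\n",
    "useful_tool/test.py": (
        "import base64\n"
        "exec(base64.b64decode('"
        + base64.b64encode(b"print('payload')" * 8).decode() + "'))\n"
    ),
}
BENIGN = {
    "setup.py": "from setuptools import setup\nsetup(name='fine', version='1.0')\n",
    "fine/__init__.py": "def add(a, b):\n    return a + b\n",
}


def demo():
    """Audit both constructed packages; returns (malicious_report, benign_report)."""
    return audit_package(write_package(MALICIOUS)), audit_package(write_package(BENIGN))


if __name__ == "__main__":
    bad, good = demo()
    for path, hits in bad.items():
        for what, line in hits:
            print(f"{path}:{line}: {what}")
    print("benign package findings:", good)
```

To use it on a real package, fetch the source distribution without installing it (`pip download --no-deps --no-binary :all: <package>`), extract the archive, and run `audit_package` on the extracted directory before any `pip install`. The heuristics are deliberately simple and will miss anything obfuscated beyond a base64 blob or a direct `subprocess` call, so treat an empty report as "nothing obvious", not as a clean bill of health; a build backend declared in pyproject.toml can also run code at install time and is not covered here.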