A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy an info-stealing malware. The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. […]
A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll’s Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. “The ‘Colour-Blind’ malware points to the democratization of cybercrime that could lead […]
Four different rogue packages in the Python Package Index (PyPI) have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized_keys file. The packages in question are aptx, bingchilling2, httops, and tkint3rs, all of which were collectively downloaded about 450 times before they […]
Researchers report that ctx Python, one of the most popular packages of the Python programming language, would have been compromised by threat actors for the injection of a backdoor impossible to detect for users. As reported just a few hours ago, the package received an update version identified as v0.2.6, which attracted attention because ctx […]
Security specialists from the firm JFrog report the discovery of 11 malicious Python packages in the Python Package Index (PyPI) repository, apparently designed for the theft of access tokens to platforms such as Discord, in addition to intercepting passwords and deploying dependency confusion attacks. The list of malicious packages detected in this research is shown […]
A high-severity code injection vulnerability has been disclosed in 23andMe’s Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution. […]