Uncategorized

More malicious Python packages are on the loose, experts warn

Two new packages were found on PyPI stealing data and granting access.

Security researchers found two packages on PyPI, showing malicious intent
The packages grant the attackers access to systems and sensitive data
The researchers warn developers to exercise caution when using third-party packages

Experts have warned PyPI continues to be abused after researchers discovered more malicious packages hiding on the platform.

A report from Fortinet’s FortiGuard Labs discovered two packages designed to steal people’s login credentials, grant unauthorized access to devices, and more.

The researchers says they observed Zebo-0.1.0, and Cometlogger-0.1, two packages that masquerade as legitimate code, but hide harmful features behind complex logic and obfuscation.

Smuggling malware

“The Zebo-0.1.0 script is a typical example of malware, with functions designed for surveillance, data exfiltration, and unauthorized control,” the researchers explained. “It uses libraries like pynput and ImageGrab, along with obfuscation techniques, indicating clear malicious intent.”

The Cometlogger-0.1 script, on the other hand, comes with a different set of malicious behavior, such as dynamic file manipulation, webhook injection, infostealing, and anti-VM checks.

Both packages are described as sophisticated, persistent, and dangerous.

Python is one of the world’s most popular programming languages, and by nature, PyPI is one of the world’s most popular open source code repositories. Developers build code blocks and share with their peers via the platform. Other developers can then use those blocks on their projects, cutting down on time necessary to code out different features.

This gives cybercriminals an opportunity to smuggle malicious code, and infect countless projects through the software supply chain. Sometimes, they would break into legitimate developer accounts and poison their solutions and other times they would typosquat popular solutions in hopes people would mistakenly download the malicious package.

Open-source is arguably more secure, since the code is susceptible to scrutiny from the entire community, but researchers still advise caution, and always verify third-party scripts and executables before running.

Furthermore, businesses should also keep their networks behind firewalls, and set up intrusion detection systems to safeguard their infrastructure.

You might also like

AWS keys stolen by malicious PyPI package with thousands of downloads
Here’s a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Read More 

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top
Generated by Feedzy