"StackExchange Abused to Spread Malicious PyPI Packages as Answers"

According to Checkmarx researchers, threat actors uploaded malicious Python packages to the PyPI repository and promoted them on the online question-and-answer platform StackExchange. The packages download scripts that steal sensitive data from messaging apps, cryptocurrency wallets, and more. The information-stealing malware can also exfiltrate files containing specific keywords, take screenshots, and send all of the data to a Telegram channel. This article continues to discuss hackers' distribution of malicious Python packages through StackExchange.

BleepingComputer reports "StackExchange Abused to Spread Malicious PyPI Packages as Answers"

Submitted by grigby1