"10 Malicious Code Packages Slither into PyPI Registry"

Following notification from a security vendor, administrators of the Python Package Index (PyPI) removed ten malicious software code packages from the registry. The incident is the most recent in a long line of recent instances in which threat actors have placed rogue software on widely used software repositories such as PyPI, Node Package Manager (npm), and Maven Central in order to compromise multiple organizations. According to security analysts, the trend has significantly increased the need for development teams to exercise caution when downloading third-party and open-source code from public registries. Check Point's Spectralops.io researchers found this latest set of malicious packages on PyPI and discovered them to be droppers for information-stealing malware. The packages were designed to look like legitimate code, and in some cases, they imitated other popular PyPI packages. The researchers discovered that the threat actors who placed the malware on the registry had embedded malicious code in the package installation script. As a result, when a developer used the "pip" install command to install one of the rogue packages, the malicious code ran undetected on the user's machine and installed the malware dropper. Three of the ten rogue packages appear to be created by the same threat actor who recently deployed malware on PyPI to steal AWS credentials.

Dark Reading reports "10 Malicious Code Packages Slither into PyPI Registry"