"Dormant PyPI Package Compromised to Spread Nova Sentinel Malware"
"Dormant PyPI Package Compromised to Spread Nova Sentinel Malware"
A package on the Python Package Index (PyPI) repository has been updated after two years to spread Nova Sentinel, an information-stealing malware. According to the software supply chain security company Phylum, the package was first published to PyPI in April 2022. The company detected an anomalous update to the library on February 21, 2024. Although the linked GitHub repository has not been updated since April 10, 2022, a malicious update suggests that the developer's PyPI account has been compromised.