"Dormant PyPI Package Compromised to Spread Nova Sentinel Malware"

A package on the Python Package Index (PyPI) repository has been updated after two years to spread Nova Sentinel, an information-stealing malware. According to the software supply chain security company Phylum, the package was first published to PyPI in April 2022. The company detected an anomalous update to the library on February 21, 2024. Although the linked GitHub repository has not been updated since April 10, 2022, a malicious update suggests that the developer's PyPI account has been compromised. The package has been downloaded 3,866 times, with the malicious version downloaded 107 times on the day it was published. This article continues to discuss the package updated to spread Nova Sentinel malware.

THN reports "Dormant PyPI Package Compromised to Spread Nova Sentinel Malware"

Submitted by grigby1

Submitted by Gregory Rigby on