"Malicious Python Package Uses Unicode Support to Evade Detection"

Researchers at the supply chain security company Phylum discovered a malicious Python package on the Python Package Index (PyPI) repository that uses Unicode to avoid detection and deploy information-stealing malware. The package, onyxproxy, was uploaded to PyPI on March 15, 2023. Phylum's automated platform discovered it, and analysis found that it harvests and exfiltrates credentials and other sensitive data. According to Phylum's study, the package is, in many ways, representative of other token stealers widespread on PyPI. However, one element drew the attention of researchers: an obfuscation approach that was anticipated in 2007 during a discussion regarding Python's support for Unicode, which was documented in PEP 3131. This article continues to discuss the discovery of a malicious package on PyPI that uses Unicode to evade detection while stealing sensitive data.

Security Affairs reports "Malicious Python Package Uses Unicode Support to Evade Detection"
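A review-time check for the Unicode identifier obfuscation that PEP 3131 makes possible, added here as an example (it is not Phylum's tooling or code from the package). PEP 3131 has the parser normalize identifiers to NFKC, so a name spelled in compatibility look-alike characters resolves to its ASCII form while a plain-text search for that ASCII name misses it. The function names and the sample source are constructed for illustration.

```python
import io
import tokenize
import unicodedata

# Constructed sample: line 2 is an ordinary non-ASCII identifier ("naive" with
# U+00EF), line 3 spells "print" in Mathematical Sans-Serif Italic letters.
SAMPLE = (
    "import os\n"
    "na\u00efve = 1\n"
    "\U0001d631\U0001d633\U0001d62a\U0001d62f\U0001d635(os.name)\n"
)


def find_unicode_identifiers(source):
    """Return (line, raw, normalized) for every identifier or keyword token
    whose source spelling contains non-ASCII characters."""
    findings = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NAME or tok.string.isascii():
            continue
        # The same normalization the Python parser applies to identifiers.
        normalized = unicodedata.normalize("NFKC", tok.string)
        findings.append((tok.start[0], tok.string, normalized))
    return findings


def hides_ascii_name(finding):
    """True when the raw spelling is non-ASCII but the parser sees pure ASCII.

    That pattern is the one worth escalating: the interpreter resolves the
    name to an ordinary builtin or module attribute, while string matching on
    the file contents does not find it.
    """
    _line, raw, normalized = finding
    return normalized.isascii() and normalized != raw


if __name__ == "__main__":
    for finding in find_unicode_identifiers(SAMPLE):
        line, raw, normalized = finding
        level = "ALERT" if hides_ascii_name(finding) else "info"
        print(f"{level}: line {line}: {raw!r} is parsed as {normalized!r}")
```

Identifiers that stay non-ASCII after normalization are reported at a lower level, since PEP 3131 allows them for legitimate use.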
