"Malicious 'SentinelOne' PyPI Package Steals Data From Developers"

Threat actors have uploaded to PyPI a malicious Python package named 'SentinelOne' that masquerades as the authentic Software Development Kit (SDK) client for a reputable American cybersecurity company but actually steals data from developers. The package provides the expected functionality, which is access to the SentinelOne Application Programming Interface (API) from another project. However, it has been Trojanized to collect sensitive information from infected developer systems. ReversingLabs discovered the attack, confirmed the malicious behavior, and reported the package to SentinelOne and PyPI, resulting in the package's removal. Since its initial upload to PyPI on December 11, 2022, the malicious SentinelOne package has been updated twenty times. According to the researchers, the package is considered to be a replica of the legitimate SentinelOne SDK Python client, and the threat actor updated it to enhance and repair its malicious capability. All released versions of the malicious package have been downloaded more than 1,000 times from PyPI. This article continues 

Bleeping Computer reports "Malicious 'SentinelOne' PyPI Package Steals Data From Developers"
