"Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!"

In an attempt to infect developer systems with clipper malware, malicious actors have published over 451 Python packages on the Python Package Index (PyPI) repository. The libraries were discovered by the software supply chain security company Phylum, which stated that the ongoing activity is a continuation of a campaign that was first exposed in November 2022. Typosquatting is used to imitate popular packages, including beautifulsoup, bitcoinlib, cryptofeed, matplotlib, pandas, pytorch, scikit-learn, scrapy, selenium, solana, and tensorflow. In a report published last year, Phylum stated that after installation, a malicious JavaScript file is dropped on the device and launched in the background of any web browsing session. When a developer copies a cryptocurrency address, the attacker's address replaces the copied address on the clipboard. This article continues to discuss the discovery of clipper malware in more than 451 different Python packages.

THN reports "Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!"