Twelve Malicious Python Libraries Found and Removed From PyPI

Saturday October 27, 2018. 09:34 PM , from Slashdot
An anonymous reader writes:
A software security engineer has identified 12 Python libraries uploaded to the official Python Package Index (PyPI) that contained malicious code. The 12 packages used typo-squatting in the hope that a user would install them by accident or carelessness when running 'pip install' for a mistyped, more popular package, like Django (e.g., diango). Eleven libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. A twelfth package, named 'colourama,' was financially motivated and hijacked an infected user's operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user.
54 users downloaded that package -- although all 12 malicious packages have since been taken down.
Four of the packages were misspellings of django -- diango, djago, dajngo, and djanga.

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/8buBCbDZTLM/twelve-malicious-python-libraries-found-and-rem...
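The four django misspellings above (diango, djago, dajngo, djanga) and colourama are each one keystroke away from the real name: a substitution, a deletion, a transposition of adjacent letters, and an insertion. A pre-install check that measures that distance against a list of popular packages catches all of them. The following is an added example, not code from the Slashdot story or from the researcher who found the packages; the list of "popular" names and the requirements sample are constructed for the demonstration, and `max_distance=1` is an assumed threshold (a larger value catches more but also flags legitimate short names).

```python
import re

# Constructed list of popular PyPI package names to protect. In practice this
# would be the top-N packages by download count (assumption).
POPULAR = {"django", "requests", "numpy", "colorama", "flask", "urllib3"}


def normalize(name):
    """PEP 503 name normalization: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def damerau_levenshtein(a, b):
    """Optimal string alignment distance.

    Insertion, deletion, substitution and transposition of two adjacent
    characters each cost 1, so 'dajngo' (ja -> aj) is distance 1 from 'django'.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,        # deletion
                d[i][j - 1] + 1,        # insertion
                d[i - 1][j - 1] + cost, # substitution
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def typosquat_candidates(requested, popular=POPULAR, max_distance=1):
    """Popular names the requested name is suspiciously close to (empty if exact)."""
    req = normalize(requested)
    if req in popular:
        return []
    return sorted(p for p in popular if damerau_levenshtein(req, p) <= max_distance)


def check_requirements(names, popular=POPULAR, max_distance=1):
    """Map each suspicious requested name to the popular names it resembles.

    Pin specifiers (==, >=, etc.) are stripped so 'diango==2.1' is still checked.
    """
    findings = {}
    for raw in names:
        name = re.split(r"[=<>!~;\[\s]", raw.strip(), maxsplit=1)[0]
        if not name or name.startswith("#"):
            continue
        close = typosquat_candidates(name, popular, max_distance)
        if close:
            findings[name] = close
    return findings


if __name__ == "__main__":
    # Constructed requirements file mixing the real packages with the
    # misspellings named in the story.
    SAMPLE_REQUIREMENTS = [
        "django==2.1",
        "diango",
        "djago",
        "dajngo>=1.0",
        "djanga",
        "colourama",
        "requests",
    ]
    for name, close in check_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"WARNING: '{name}' is not on the allow list but is one edit from {close}")
```

Run this against a requirements file before `pip install -r` (or wrap `pip install` in a shell function that calls it first); an exact match on an allow-listed name passes silently, while each of the five squatted names is reported together with the real package it imitates.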