Tag: pypi
-
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names of the Python packages are below: checker-SaGaF (2,605 downloads), steinlurks (1,049 downloads), sinnercore (3,300 downloads). First seen on…
-
Malicious PyPI package sets sights on Russian developers
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-package-sets-sights-on-russian-developers
-
New Malware on PyPI Poses Threat to Open-Source Developers
Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-pypi-threat-open-source/
-
Threat Actors Exploit Open Source Packages to Deploy Malware in Supply Chain Attacks
The Socket Threat Research Team has uncovered a surge in supply chain attacks where threat actors weaponize open source software libraries to deliver malicious payloads such as infostealers, remote shells, and cryptocurrency drainers. With modern development heavily reliant on ecosystems like npm, PyPI, Go Module, Maven Central, and RubyGems, where 70-90% of codebases consist of…
-
Weaponized PyPI Package Targets Developers to Steal Source Code
Security researchers at RL have discovered a malicious Python package called solana-token…
-
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times.…
-
RAT-laced PyPI package sets sights on Discord developers
First seen on scworld.com Jump to article: www.scworld.com/brief/rat-laced-pypi-package-sets-sights-on-discord-developers
-
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/
-
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the…
-
Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/
-
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction: In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide a seamless experience could also be your greatest problem? Our investigation into three seemingly harmless PyPI color packages revealed a hidden background functionality…
-
Credential theft achieved by malicious MEXC order-hijacking PyPI package
First seen on scworld.com Jump to article: www.scworld.com/brief/credential-theft-achieved-by-malicious-mexc-order-hijacking-pypi-package
-
Why the 2025 PyPI Attack Signals a New Era in Cloud Risk
The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/why-the-2025-pypi-attack-signals-a-new-era-in-cloud-risk/
-
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange…
-
Trio of malicious PyPI packages target sensitive information
First seen on scworld.com Jump to article: www.scworld.com/brief/trio-of-malicious-pypi-packages-target-sensitive-information
-
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/
-
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a… First seen on…
-
Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typosquatting, disgrasya was overtly malicious, leveraging PyPI as a distribution platform to reach a broad audience of fraudsters. The package specifically…
-
Thousands Impacted By Data Exfiltrating PyPI Packages
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-impacted-by-data-exfiltrating-pypi-packages
-
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Tags: attack, cybersecurity, exploit, finance, fraud, group, Hardware, malware, open-source, pypi, ransomware, router, supply-chain, threat, tool
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source… First…
-
AI development pipeline attacks expand CISOs’ software supply chain risk
Tags: access, ai, api, application-security, attack, backdoor, breach, business, ciso, cloud, container, control, cyber, cybersecurity, data, data-breach, detection, encryption, exploit, flaw, fortinet, government, infrastructure, injection, intelligence, LLM, malicious, malware, ml, network, open-source, password, penetration-testing, programming, pypi, risk, risk-assessment, russia, saas, sbom, service, software, supply-chain, threat, tool, training, vpn, vulnerability
Development pipelines are exacerbating software supply chain security problems. Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL). A scan of 30 of the most popular open-source packages found an average of six critical-severity and 33 high-severity flaws per package. Commercial software packages are also a…
-
Malicious PyPI Packages Stole Cloud Tokens, Over 14,100 Downloads Before Removal
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The…
-
New Cyber Attack Targets PyPI Users to Steal Cloud Tokens and Sensitive Data
A recent discovery by ReversingLabs researchers has unveiled a malicious cyber attack targeting the Python Package Index (PyPI) users, a popular platform for Python developers. This sophisticated campaign involves malicious packages masquerading as time-related utilities, but are designed to steal sensitive data, including valuable cloud tokens. The attack highlights the increasing vulnerability of open-source repositories…
-
New PyPI Malware Targets Developers to Steal Ethereum Wallets
A recent discovery by the Socket Research Team has unveiled a malicious PyPI package named set-utils, designed to steal Ethereum private keys by exploiting commonly used account creation functions. This package masquerades as a utility for Python sets, mimicking popular libraries like python-utils and utils, thereby deceiving developers into installing it. Since its release it…
-
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry. “Disguised as a simple utility for…
-
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named “set-utils” has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ethereum-private-key-stealer-on-pypi-downloaded-over-1-000-times/
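The bitcoinlibdbfix / bitcoinlib-dev entries above (fake "fixes" for a legitimate library) and the set-utils entries (a name built to resemble python-utils and utils) share one pattern: the malicious name is derived from a real one. The check a practitioner would actually run is an audit of a requirements or lock file against the package names reported on this page, plus a look-alike heuristic for names that borrow a legitimate library's name. The script below is an added example, not code from any of the articles or vendors above. The known-malicious list is taken only from package names that appear in the entries on this page; the suffix list, the similarity threshold, and the sample requirements are constructed assumptions for the demonstration (the "bitcoinlb" line is a made-up typo, not a package named anywhere above).

```python
"""Audit a pip requirements/lock file against PyPI package names reported as
malicious on this page, and flag look-alikes of the libraries they imitated.

Added example for this page; not code from the articles above.
"""
import re
from difflib import SequenceMatcher

# Package names reported as malicious in the entries on this page (PEP 503
# normalized). All were reported as removed from PyPI at publication time.
KNOWN_MALICIOUS = {
    "checker-sagaf", "steinlurks", "sinnercore", "dbgpkg", "solana-token",
    "discordpydebug", "disgrasya", "bitcoinlibdbfix", "bitcoinlib-dev",
    "ccxt-mexc-futures", "set-utils",
}

# Legitimate libraries the reports say the malicious packages imitated.
IMITATED_LEGITIMATE = {"bitcoinlib", "ccxt", "python-utils", "utils"}

# Assumption: suffixes that make a derived name read like a patch or fork.
# A generic heuristic for this example, not a list from any article above.
SUSPICIOUS_SUFFIXES = ("fix", "dev", "debug", "patch", "futures")

# Assumption: similarity at or above this ratio counts as a near-typo.
NEAR_TYPO_RATIO = 0.85

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 name normalization: case-fold, collapse runs of -_. to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return normalized package names from requirements.txt-style text.

    Skips blank lines, comments, pip options (-r, --index-url, ...) and
    direct URL references, which carry no distribution name to check."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-") or "://" in line:
            continue
        m = REQ_LINE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def lookalike_of(name):
    """Return a reason string if `name` resembles an imitated library, else None.

    Two rules: (a) a legitimate name followed by a patch/fork-style suffix,
    as in bitcoinlibdbfix or bitcoinlib-dev; (b) a near-identical spelling."""
    for legit in sorted(IMITATED_LEGITIMATE):
        if name == legit:
            return None  # the real package, nothing to flag
        rest = name[len(legit):].strip("-") if name.startswith(legit) else ""
        if rest and rest.endswith(SUSPICIOUS_SUFFIXES):
            return f"patch/fork-style name built on {legit}"
        if SequenceMatcher(None, name, legit).ratio() >= NEAR_TYPO_RATIO:
            return f"near-typo of {legit}"
    return None


def audit(requirements_text):
    """Return [(package, reason), ...] for every flagged requirement, in order."""
    findings = []
    for name in parse_requirements(requirements_text):
        if name in KNOWN_MALICIOUS:
            findings.append((name, "known-malicious"))
            continue
        reason = lookalike_of(name)
        if reason:
            findings.append((name, reason))
    return findings


# Constructed sample input for this example; not a real project's lockfile.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements for the audit example
requests==2.32.3
bitcoinlib==0.6.15
bitcoinlibdbfix  # "fix" for bitcoinlib, per the ReversingLabs report above
set-utils>=1.0
ccxt-mexc-futures
bitcoinlb==0.6.15   # constructed typo, not a package named on this page
-r other.txt
https://example.invalid/pkg.whl
"""

if __name__ == "__main__":
    for package, reason in audit(SAMPLE_REQUIREMENTS):
        print(f"{package}: {reason}")
```

Exact-name matching is the only reliable signal here; the look-alike rules are deliberately loose and will flag some honest forks, so treat their hits as "go read the package's setup.py and source before installing" rather than as verdicts. Run it over every requirements or lock file in CI so a derived name is caught before `pip install` executes anything.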
-
Infostealers spread via malicious DeepSeek-spoofing PyPI packages
First seen on scworld.com Jump to article: www.scworld.com/brief/infostealers-spread-via-malicious-deepseek-spoofing-pypi-packages