Tag: pypi

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

May 30, 2025 12:55 AM

Tags: access, ai, api, attack, china, cloud, computer, credentials, detection, infrastructure, malicious, ml, network, pypi, risk, software, supply-chain, tool

Malicious code in ML models is hard to detect: While Hugging Face hosts models directly, PyPI hosts Python software packages, so detection of poisoned models hidden inside Pickle files hidden inside packages could prove even harder for developers and PyPI’s maintainers, given the extra layer of obfuscation.The attack campaign discovered by ReversingLabs involved three packages:…
6 rising malware trends every security pro should know

May 29, 2025 8:55 AM

Tags: adobe, ai, antivirus, apple, attack, awareness, backdoor, business, captcha, cloud, corporate, cybercrime, data, defense, detection, encryption, endpoint, exploit, extortion, framework, group, hacking, incident response, infrastructure, intelligence, Internet, law, leak, macOS, malicious, malware, network, password, phishing, powershell, programming, pypi, ransom, ransomware, service, social-engineering, software, supply-chain, tactics, theft, threat, tool, update, vulnerability, worm

Malicious packages targeting developer environments: Threat actors are systematically compromising the software supply chain by embedding malicious code within legitimate development tools, libraries, and frameworks that organizations use to build applications.”These supply chain attacks exploit the trust between developers and package repositories,” Immersive’s McCarthy tells CSO. “Malicious packages often mimic legitimate ones while running harmful…
Malicious PyPI packages exploit ML models to deploy infostealer

May 28, 2025 10:55 PM

Tags: exploit, malicious, ml, pypi

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-packages-exploit-ml-models-to-deploy-infostealer
Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users

May 28, 2025 6:54 PM

Tags: ai, malware, pypi

ReversingLabs discovers new malware hidden inside AI/ML models on PyPI, targeting Alibaba AI Labs users. Learn how attackers… First seen on hackread.com Jump to article: hackread.com/malware-ai-models-pypi-targets-alibaba-ai-labs-users/
Malicious Machine Learning Model Attack Discovered on PyPI

May 27, 2025 3:54 PM

Tags: attack, exploit, malicious, malware, pypi

A novel attack exploited machine learning models on PyPI, using zipped Pickle files to deliver infostealer malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-machine-learning-model/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 46

May 25, 2025 4:54 PM

Tags: attack, extortion, international, malicious, malware, pypi, ransomware, tool

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack How a Trusted IT Tool Became a Malware Delivery Vector Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts […]…
Malicious attack method on hosted ML models now targets PyPI

May 23, 2025 10:55 PM

Tags: ai, attack, chatgpt, cybersecurity, exploit, intelligence, malicious, ml, open-source, openai, pypi, software, supply-chain, threat, tool
TikTok, Instagram APIs exploited by PyPI packages for account validation

May 21, 2025 10:54 PM

Tags: api, exploit, pypi

First seen on scworld.com Jump to article: www.scworld.com/brief/tiktok-instagram-apis-exploited-by-pypi-packages-for-account-validation
Schädliche PyPI-Pakete missbrauchen Instagram- und TikTok-APIs

May 20, 2025 4:54 PM

Tags: api, cybersecurity, mail, pypi, tool

Cybersecurity-Forscher haben mehrere bösartige Python-Pakete entdeckt, die gezielt auf gestohlene E-Mail-Adressen angesetzt wurden. Die Tools nutzten offizielle Programmierschnittstellen (APIs) von TikTok und Instagram, um zu prüfen, ob bestimmte E-Mail-Adressen mit Nutzerkonten verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/pypi-instagram-tiktok-apis
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

May 20, 2025 9:54 AM

Tags: api, breach, cybersecurity, email, exploit, malicious, pypi, tool

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.All three packages are no longer available on PyPI. The names of the Python packages are below -checker-SaGaF (2,605 downloads)steinlurks (1,049 downloads)sinnercore (3,300 downloads) First seen on…
Malicious PyPI package sets sights on Russian developers

May 19, 2025 10:54 PM

Tags: malicious, pypi, russia

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-package-sets-sights-on-russian-developers
New Malware on PyPI Poses Threat to Open-Source Developers

May 19, 2025 6:54 PM

Tags: backdoor, malicious, malware, open-source, pypi, threat

Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-pypi-threat-open-source/
Backdoor implant discovered on PyPI posing as debugging utility

May 16, 2025 12:54 AM

Tags: attack, backdoor, country, crypto, finance, malicious, open-source, pypi, russia, software, supply-chain, threat, ukraine
Threat Actors Exploit Open Source Packages to Deploy Malware in Supply Chain Attacks

May 15, 2025 6:54 PM

Tags: attack, crypto, cyber, exploit, malicious, malware, open-source, pypi, software, supply-chain, threat

The Socket Threat Research Team has uncovered a surge in supply chain attacks where threat actors weaponize open source software libraries to deliver malicious payloads such as infostealers, remote shells, and cryptocurrency drainers. With modern development heavily reliant on ecosystems like npm, PyPI, Go Module, Maven Central, and RubyGems where 7090% of codebases consist of…
Weaponized PyPI Package Targets Developers to Steal Source Code

May 14, 2025 12:38 PM

Tags: blockchain, cyber, malicious, open-source, pypi, software

Security researchers at RL have discovered a malicious Python package called >>solana-token
Same name, different hack: PyPI package targets Solana developers

May 13, 2025 8:38 PM

Tags: attack, blockchain, crypto, infrastructure, malicious, open-source, pypi, software, supply-chain, threat
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

May 13, 2025 6:38 PM

Tags: blockchain, cybersecurity, malicious, pypi, tool

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times.…
RAT-laced PyPI package sets sights on Discord developers

May 8, 2025 10:10 PM

Tags: pypi, rat

First seen on scworld.com Jump to article: www.scworld.com/brief/rat-laced-pypi-package-sets-sights-on-discord-developers
Malicious PyPi package hides RAT malware, targets Discord devs since 2022

May 8, 2025 9:11 PM

Tags: access, malicious, malware, pypi, rat

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-package-hides-rat-malware-targets-discord-devs-since-2022/
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

May 7, 2025 10:50 AM

Tags: access, cybersecurity, malicious, malware, open-source, pypi

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan.The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the…
Malicious PyPi, npm packages found abusing trusted services for data theft

May 2, 2025 10:50 PM

Tags: data, malicious, pypi, service, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-pypi-npm-packages-found-abusing-trusted-services-for-data-theft
Malicious PyPI packages abuse Gmail, websockets to hijack systems

May 1, 2025 6:50 PM

Tags: data, malicious, pypi

Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-pypi-packages-abuse-gmail-websockets-to-hijack-systems/
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities

Apr 17, 2025 2:28 PM

Tags: breach, data, malicious, marketplace, pypi

Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest problem? Our investigation into three seemingly harmless PyPI color packages revealed a hidden background functionality……
Credential theft achieved by malicious MEXC order-hijacking PyPI package

Apr 16, 2025 11:28 PM

Tags: credentials, malicious, pypi, theft

First seen on scworld.com Jump to article: www.scworld.com/brief/credential-theft-achieved-by-malicious-mexc-order-hijacking-pypi-package
Why the 2025 PyPI Attack Signals a New Era in Cloud Risk

Apr 16, 2025 9:28 PM

Tags: attack, cloud, pypi, risk, supply-chain, vulnerability

The 2025 PyPI supply chain attack is a stark reminder of just how vulnerable cloud ecosystems remain to sophisticated, stealthy, and evolving threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/why-the-2025-pypi-attack-signals-a-new-era-in-cloud-risk/
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

Apr 15, 2025 5:28 PM

Tags: api, credentials, crypto, cybersecurity, malicious, pypi

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens.The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange…
Trio of malicious PyPI packages target sensitive information

Apr 7, 2025 10:42 PM

Tags: malicious, pypi

First seen on scworld.com Jump to article: www.scworld.com/brief/trio-of-malicious-pypi-packages-target-sensitive-information
Carding tool abusing WooCommerce API downloaded 34K times on PyPI

Apr 6, 2025 5:42 PM

Tags: api, credit-card, malicious, open-source, pypi, tool

A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Apr 5, 2025 12:42 PM

Tags: cybersecurity, data, malicious, pypi

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information.Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a First seen on…
Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script

Apr 4, 2025 7:42 PM

Tags: attack, credit-card, cyber, cybersecurity, data-breach, fraud, malicious, pypi, supply-chain

Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional supply chain attacks that rely on deception or typosquatting, disgrasya was overtly malicious, leveraging PyPI as a distribution platform to reach a broad audience of fraudsters. The package specifically…