PyPI

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

| | dependencies, npm, PyPI, Sonatype Lifecycle, Sonatype Repository Firewall
Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ...
2024 Sonatype Blog
Russia-linked 'Lumma' crypto stealer now targets Python devs

Russia-linked ‘Lumma’ crypto stealer now targets Python devs

| | Malware Analysis, malware prevention, PyPI, Sonatype Repository Firewall, Vulnerabilities
Imagine being a developer who's building the next-gen crypto app by using popular open source components to speed up coding. Instead, you end up including a package in your build that, does ...
2024 Sonatype Blog
code inspection.

Malicious PyPI Package ‘Pytoileur’ Targets Windows and Leverages Stack Overflow for Distribution

| | Malware, PyPI, python, Sonatype, windows malware
Another day, another PyPI malware package. But this one has a new way to (try to) sneak into your computer ...
Security Boulevard
PyPI crypto-stealer targets Windows users, revives malware campaign

PyPI crypto-stealer targets Windows users, revives malware campaign

| | FEATURED, Malware Analysis, Nexus Firewall, PyPI, python, Sonatype Repository Firewall, Vulnerabilities
Sonatype has discovered 'pytoileur', a malicious PyPI package hiding code that downloads and installs trojanized Windows binaries capable of surveillance, achieving persistence, and crypto-theft. Our discovery of the malware led us to ...
2024 Sonatype Blog

PyPI Malicious Package Uploads Used To Target Developers

| | Check Point, Checkmarx, countermeasures, Cyber Threats, Cybersecurity, Cybersecurity News, data theft, Developer Security, digital assets, Malicious package uploads, Malware, online security, package management, persistence, Phylum, PyPI, risk mitigation, software supply chain, Typosquatting, Windows operating system
In light of the recent cybercriminal activity, new user sign-ups on the PyPI platform were halted. Currently, an increase in PyPI malicious package uploads is being deemed the reason behind the suspension ...
TuxCare
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
supply chain software

Malicious Packages in npm, PyPI Highlight Supply Chain Threat

| | cyberattacks, npm security, PyPI, PyPI malicious packages, software supply chain attack, supply chain
Software developers are being targeted with malicious packages in npm and PyPI as threat groups launch software supply-chain attacks ...
Security Boulevard

3 Malicious PyPI Packages Hide CoinMiner on Linux Devices

| | coinminer, Crypto, Crypto miners, Cyber Threats, Cybersecurity, Cybersecurity Weaknesses, Developer Security, Linux & Open Source News, linux systems, open source, PyPI, PyPI malicious packages, Python developers, Python Malware
In a recent cybersecurity revelation, the Python Package Index (PyPI) has fallen victim to the infiltration of three malicious packages: modularseven, driftme, and catme. These packages, although now removed, managed to amass ...
TuxCare

PyPI Malicious Packages with Thousands of Downloads Targeting Python Developers

| | Cyber Threats, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, PyPI, PyPI malicious packages, Python developers, Python Malware, Python Packages, steganography malware
For the past six months, an unidentified threat actor has been slipping malicious packages into the Python Package Index (PyPI), a repository for Python software. The aim? To unleash malware capable of ...
TuxCare

Unveiling BlazeStealer Malware Python Packages on PyPI

| | BlazeStealer Malware, code obfuscation, Crypto-Themed npm Modules, Cyber Threats, Cybersecurity News, Cybersecurity Threat, data theft, developers, Discord Bot, Geographic Impact, Malicious Modules, open source development, Package Vetting, Phylum, Proactive Cybersecurity, PyPI, Python Packages, security breach, software supply chain security, Vigilance
In a recent revelation, a cluster of malicious Python packages has infiltrated the Python Package Index (PyPI), posing a significant threat to developers’ systems by aiming to pilfer sensitive information. These deceptive ...
TuxCare
Load more