Hacked PyPI (Python Package Index) 451 infected packages

More than 400 malicious packages were uploaded recently on PyPI (Python Package Index), the official code repository for the Python programming language, following a hacking attack that shows us that targeting software developers is not a passing fad.

The 451 packets recently detected by security firm Phylum contained nearly identical malicious payloads and were uploaded in successive attacks. pypi

Once installed, the packages create a malicious JavaScript extension that loads whenever a browser is opened on the infected device, a trick that gives the malware the ability to start again after reboots.

The JavaScript monitors the infected developer's clipboard for any cryptocurrency addresses they may be using. When an address is found, the malware replaces it with an address belonging to the attacker.

The target: the interception of the developer's payments.

iGuRu.gr The Best Technology Site in Greecegns

every publication, directly to your inbox

Join the 2.111 registrants.
PyPI, python

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).