More than 400 malicious packages were uploaded recently on PyPI (Python Package Index), the official code repository for the Python programming language, following a hacking attack that shows us that targeting software developers is not a passing fad.
All 451 packages were detected recently from security firm Phylum contained nearly identical malicious payloads and were mounted in successive attacks.
Once installed, the packages create a malicious JavaScript extension that loads every time one is opened Browser on the infected device, a trick that allows the malware to start again after reboots.
The JavaScript monitors the infected developer's clipboard for any cryptocurrency addresses they may be using. When an address is found, the malware replaces it with an address belonging to the attacker.
The target: the subtheft of payments of the developer.