More than 400 malicious packages were uploaded recently in PyPI (Python Package Index), the official repository code for the Python programming language, following a hacking attack that shows us that targeting software developers is not a passing fad.
The 451 packets recently detected by security firm Phylum contained nearly identical malicious payloads and were uploaded in successive attacks.
Once installed, the packages create a malicious extension JavaScript που φορτώνει κάθε φορά που ανοίγει ένα πρόγραμμα περιήγησης στη μολυσμένη συσκευή, ένα τέχνασμα που δίνει στο κακόβουλο λογισμικό την δυνατότητα να ξεκινά ξανά μετά από επανεκκινήσεις.
The JavaScript monitors the infected developer's clipboard for any cryptocurrency addresses they may be using. When an address is found, the malware replaces it with an address belonging to the attacker.
The target: the subtheft of developer payments.