Cyberveille curated by Decio
33 results tagged PyPI
PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/
30/05/2025 11:12:33

Checkmarx Zero researcher Ariel Harush has discovered evidence of a malicious package campaign that is consistent with live adversarial activity and adversarial research and testing. This campaign targets Python and NPM users on Windows and Linux via typo-squatting and name-confusion attacks against colorama (a widely-used Python package for colorizing terminal output) on PyPI and the similar colorizr JavaScript package on NPM. These malicious packages were uploaded to PyPI.

  • Multiple packages with significantly risky payloads were uploaded to PyPI under names similar to legitimate packages in both PyPI and NPM.
  • The tactic of using the name from one ecosystem (NPM) to attack users of a different ecosystem (PyPI) is unusual.
  • Payloads allow persistent remote access to and remote control of desktops and servers, as well as harvesting and exfiltrating sensitive data.
  • Windows payloads attempt to bypass antivirus/endpoint protection controls to avoid detection.
  • Packages have been removed from public repositories, limiting immediate potential for damage.

These behaviors are consistent with targeted adversarial activity and coordinated campaigns. It is likely, based on this pattern, that these were created to attack a particular target or set of targets. No clear attribution data is currently available, so we do not know whether this campaign is connected to a well-known adversary.

Cross-Platform Supply Chain Attacks Targeting Users of

checkmarx EN 2025 Supply-Chain-Attack PyPI Colorizr Colorama
Malicious PyPI Package Targets Discord Developers with Remot... https://socket.dev/blog/malicious-pypi-package-targets-discord-developers-with-RAT
10/05/2025 22:40:20

The Socket Research team investigates a malicious Python package disguised as a Discord error logger that executes remote commands and exfiltrates data via a covert C2 channel.
On March 21, 2022, a Python package ‘discordpydebug’ was uploaded to the Python Package Index (PyPI) under the name "Discord py error logger." At first glance, it appeared to be a simple utility aimed at developers working on Discord bots using the Discord.py library. However, the package concealed a fully functional remote access trojan (RAT). Over time, the package reached over 11,000 downloads, placing thousands of developer systems at risk.

The package targeted developers who build or maintain Discord bots, typically indie developers, automation engineers, or small teams who might install such tools without extensive scrutiny. Since PyPI doesn’t enforce deep security audits of uploaded packages, attackers often take advantage of this by using misleading descriptions, legitimate-sounding names, or even copying code from popular projects to appear trustworthy. In this case, the goal was to lure unsuspecting developers into installing a backdoor disguised as a debugging aid.

Discord’s developer ecosystem is both massive and tightly knit. With over 200 million monthly active users, more than 25% of whom interact with third-party apps, Discord has rapidly evolved into a platform where developers not only build but also live test, share, and iterate on new ideas directly with their users. Public and private servers dedicated to development topics foster an informal, highly social culture where tips, tools, and code snippets are shared freely and often used with little scrutiny. It’s within these trusted peer-to-peer spaces that threat actors can exploit social engineering tactics, positioning themselves as helpful community members and promoting tools like discordpydebug under the guise of debugging utilities.

The fact that this package was downloaded over 11,000 times, despite having no README or documentation, highlights how quickly trust can be weaponized in these environments. Whether spread via casual recommendation, targeted DMs, or Discord server threads, such packages can gain traction before ever being formally vetted.

socket.dev EN 2025 Malicious PyPI supply-chain-attack Discord discordpydebug
Using Trusted Protocols Against You: Gmail as a C2 Mechanism... https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism
02/05/2025 11:40:53

Socket’s Threat Research Team uncovered malicious Python packages designed to create a tunnel via Gmail. The threat actor’s email is the only potential clue as to their motivation, but once the tunnel is created, the threat actor can exfiltrate data or execute commands that we may not know about through these packages. These seven packages use Gmail, making these attempts less likely to be flagged by firewalls and endpoint detection systems since SMTP is commonly treated as legitimate traffic:

  • Coffin-Codes-Pro
  • Coffin-Codes-NET2
  • Coffin-Codes-NET
  • Coffin-Codes-2022
  • Coffin2022
  • Coffin-Grave
  • cfc-bsb

These packages have since been removed from the Python Package Index (PyPI).

socket.dev EN 2025 supply-chain-attack PyPI Python packages malicious Gmail tunnel
JFrog Detects Malicious PyPi package Stealing Crypto Tokens https://jfrog.com/blog/malicious-pypi-package-hijacks-mexc-orders-steals-crypto-tokens/
24/04/2025 13:45:24

Learn how JFrog detected a malicious package that steals MEXC credentials and crypto trading tokens to buy and sell futures on crypto trading platforms.

JFrog EN 2025 PyPi MEXC credentials stealer malicious ccxt-mexc-futures supply-chain-attack
Carding tool abusing WooCommerce API downloaded 34K times on PyPI https://www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/?ref=metacurity.com
07/04/2025 21:10:54

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform.

bleepingcomputer EN 2025 Carding Credit-Card Packages PyPI Python WooCommerce
Python Crypto Library Updated to Steal Private Keys https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/
29/11/2024 23:18:25

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

phylum EN 2024 Python Crypto Library PyPI malicious code aiocpa Supply-chain-attack
Malicious Python Package Targets macOS Developers https://checkmarx.com/blog/malicious-python-package-targets-macos-developers-to-access-their-gcp-accounts/?ref=news.risky.biz
29/07/2024 09:26:47
  • A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation.
  • The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data.
  • The harvested credentials are sent to a remote server.
checkmarx EN 2024 macOS stealer Supply-chain-attack PyPI pypi-malware lr-utils-lib developpers
Iraq-based cybercriminals deploy malicious Python packages to steal data https://therecord.media/iraq-cybercriminals-python-based-infostealer-pypi?_hsenc=p2ANqtz-8qzrAM5mnOGvItSx2pDNTwWqQxyFNDlKq54MT8n5ivT3COdXjT71xW2nneojY19e5azWbfFrE35XlsGKxrTv7ncaVRzg&_hsmi=316193425
18/07/2024 09:54:38

An information-stealing script embedded in a Python package on the popular repository PyPI appears to be connected to a cybercriminal operation based in Iraq, according to researchers at Checkmarx.

therecord.media EN 2024 PyPI Python Infostealer Supply-chain-attack
Russia-linked 'Lumma' crypto stealer now targets Python devs https://www.sonatype.com/blog/crytic-compilers-typosquats-known-crypto-library-drops-windows-trojan
09/06/2024 16:32:39

Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.

sonatype EN 2024 PyPI Lumma Python cryptocurrency developers
Cybercriminals pose as "helpful" Stack Overflow users to push malware https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
30/05/2024 08:20:16

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.

bleepingcomputer EN 2024 Information-stealing-malware Packages PyPI Python Stack-OverFlow pytoileur
Malicious PyPI packages targeting highly specific MacOS machines https://securitylabs.datadoghq.com/articles/malicious-pypi-package-targeting-highly-specific-macos-machines/
24/05/2024 11:22:40

In this post, we analyze a cluster of malicious PyPI packages targeting specific MacOS machines.

datadoghq EN 2024 macos PyPI packages Supply-chain-attack
PyPI halted new users and projects while it fended off supply-chain attack https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/
28/03/2024 22:45:47

Automation is making attacks on open source code repositories harder to fight.

arstechnica EN 2024 PyPI Automation malicious packages attack
Info Stealing Packages Hidden in PyPI https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
23/01/2024 10:08:55

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

FortiGuard-Labs-Threat-Research fortinet 2024 EN PyPI malware Supply-chain-attack
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices
05/01/2024 18:44:07

FortiGuard Labs covers the attack phases of three new PyPI packages that resemble the culturestreak PyPI package discovered earlier this year.

fortinet EN 2023 FortiGuard-Labs-Threat-Research Supply-chain-attack PyPI Packages CoinMiner
A pernicious potpourri of Python packages in PyPI https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
15/12/2023 21:57:30

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

welivesecurity EN 2023 Python packages malicious PyPI
Uncovering thousands of unique secrets in PyPI packages https://blog.gitguardian.com/uncovering-thousands-of-unique-secrets-in-pypi-packages/
16/11/2023 15:01:57

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.

gitguardian EN 2023 GitGuardian PyPI research hardcoded credentials secret packages
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack https://checkmarx.com/blog/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack/
13/10/2023 09:20:30

During the month of September, an attacker operating under the pseudonym "kohlersbtuh15" attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers who use Aliyun services (Alibaba Cloud), Telegram, and AWS.

checkmarx EN 2023 PyPi Supply-chain-attack kohlersbtuh15
Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek https://www.securityweek.com/developers-warned-of-malicious-pypi-npm-ruby-packages-targeting-macs/
06/09/2023 15:01:22

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

securityweek EN 2023 macos phylum PyPI NPM Ruby Supply-Chain-Attack
Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/
06/09/2023 15:00:06

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems that delivers early-stage malware to users.

phylum EN 2023 Supply-Chain-Attack npm PyPI RubyGems macOS
VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard https://securityboulevard.com/2023/08/vmconnect-supply-chain-attack-continues-evidence-points-to-north-korea/
01/09/2023 23:08:00

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.

securityboulevard EN 2023 Supply-Chain-Attack VMConnect PyPI
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn - Curated by Decio