News

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python ...
But how did this package get hosted on PyPI, the main source of community-contributed goodness for Python? How many of you have downloaded packages from PyPI without looking through all of the source?
PyPI package 'discordpydebug' hides a RAT, downloaded 11,574 times, using stealthy HTTP polling to bypass defenses.
Seven malicious PyPI packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command ...
Socket found seven malicious packages on PyPI. The packages were abusing Gmail and WebSocket. They were removed from the platform. Several malicious PyPI packages were recently observed abusing Gmail to ...
Sonatype researcher Ax Sharma said they had discovered 130 typosquatting packages on the JavaScript package manager npm and a dozen malicious packages on Python Package Index (PyPI). Typosquatting ...