Security News > 2021 > August > Credit-card-stealing, backdoored packages found in Python's PyPI library hub
Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI, the official third-party software repository for Python.
A package dubbed noblesse, and five variants, would, we're told, look on Windows systems for Discord authentication tokens, and browser-stored credit card numbers, and siphon them off to remote systems.
Another called pytagora, and a variant, would execute arbitrary Python code provided by a remote system.
We've covered PyPI package security previously here.
The PyPI team also just patched a remote-code execution hole in their platform, which potentially could have been exploited to hijack the entire hub of Python libraries.
Privilege-escalation exploit code has emerged here for the Windows PetitPotam security weakness.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/02/in_brief_security/