Security News > 2022 > August > Malicious PyPi packages aim DDoS attacks at Counter-Strike servers
A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server.
Python Package Index is a repository of open-source software packages that developers can easily incorporate into their Python projects to build complex apps with minimal effort.
As anyone can upload packages to the repository, and packages are not removed unless they are reported as malicious, the repository is being more commonly abused by threat actors who use it to steal developer credentials or deploy malware.
This weekend, researchers at Checkmarx discovered that a user named "Devfather777" published 12 packages that used a name similar to other popular packages to trick software developers into using the malicious versions instead. Typosquatting attacks rely on developers mistakenly using a malicious package with a similar name to a legitimate one.
While CheckMarx reported the packages to the PyPi repository, they remain online at the time of this writing.
If you use the 12 mentioned packages and might have made a typing error this weekend, scrutinize your projects and double-check that you are using the legitimate software packages.
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)