Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!

2023-02-14 11:20

Malicious actors have published more than 451 unique Python packages on the official Python Package Index repository in an attempt to infect developer systems with clipper malware.

Targeted web browsers include Google Chrome, Microsoft Edge, Brave, and Opera, with the malware modifying browser shortcuts to load the add-on automatically upon launch using the "-load-extension" command line switch.

The latest set of Python packages exhibits a similar, if not the same, modus operandi, and is designed to function as a clipboard-based crypto wallet replacing malware.

"Flooding the ecosystem with packages like this will continue."

The findings coincide with a report from Sonatype, which found 691 malicious packages in the npm registry and 49 malicious packages in PyPI during the month of January 2023 alone.

The development once again illustrates the growing threat developers face from supply chain attacks, with adversaries relying on methods like typosquatting to trick users into downloading fraudulent packages.

News URL

https://thehackernews.com/2023/02/python-developers-beware-clipper.html

#developer #malware #python

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Python		24	2	52	74	31	159
Pypi		15	0	0	1	15	16

News URL

Related news

Related vendor