
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
2023-02-23 06:25

Cybersecurity researchers are warning of "Imposter packages" mimicking popular libraries available on the Python Package Index repository.

The 41 malicious PyPI packages pose as typosquatted variants of legitimate modules such as http, aiohttp, requests, urllib, and urllib3. Note that http and urllib are Python standard-library modules with no legitimate PyPI distribution to install, so a requirement with one of those names, or a near-miss of one, is suspect on its own.

"The descriptions for these packages, for the most part, don't hint at their malicious intent," ReversingLabs researcher Lucija Valentić said in a new writeup.

Fortinet, which also disclosed similar rogue HTTP packages on PyPI earlier this week, noted their ability to launch a trojan downloader that, in turn, contains a DLL file packing a variety of functions.

The findings come a day after Checkmarx detailed a surge in spam packages in the open source npm registry that are designed to redirect victims to phishing links.

"As with other supply chain attacks, malicious actors are counting on typosquatting creating confusion and counting on incautious developers to embrace malicious packages with similar-sounding names by accident," Valentić said.


News URL

https://thehackernews.com/2023/02/python-developers-warned-of-trojanized.html

Related vendor

Vendor   Vulns (last 12 months)   # Products    Low   Medium   High   Critical   Total vulns
Python   24                       (not given)   2     52       74     31         159
PyPI     15                       (not given)   0     0        1      15         16