Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

2023-02-23 06:25

Cybersecurity researchers are warning of "Imposter packages" mimicking popular libraries available on the Python Package Index repository.

The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3.

"The descriptions for these packages, for the most part, don't hint at their malicious intent," ReversingLabs researcher Lucija Valentić said in a new writeup.

Fortinet, which also disclosed similar rogue HTTP packages on PyPI earlier this week, noted their ability to launch a trojan downloader that, in turn, contains a DLL file packing a variety of functions.

The findings come a day after Checkmarx detailed a surge in spam packages in the open source npm registry that are designed to redirect victims to phishing links.

"As with other supply chain attacks, malicious actors are counting on typosquatting creating confusion and counting on incautious developers to embrace malicious packages with similar-sounding names by accident," Valentić said.

News URL

https://thehackernews.com/2023/02/python-developers-warned-of-trojanized.html

#developer #libraries #python

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Python		27	10	87	73	27	197
Pypi		14	0	0	14	0	14

News URL

Related news

Related vendor