Security News

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
2022-08-25 04:45

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets.

XCSSET Malware Updates with Python 3 to Target macOS Monterey Users
2022-08-23 13:46

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report.

10 Credential Stealing Python Libraries Found on PyPI Repository
2022-08-10 05:22

In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index for their ability to harvest critical data points such as passwords and Api tokens. The packages "Install info-stealers that enable attackers to steal developer's private data and personal credentials," Israeli cybersecurity firm Check Point said in a Monday report.

An Easier Way to Keep Old Python Code Healthy and Secure
2022-07-25 15:47

Without refactoring, a shift from Python 2.7 to Python 3.0 often means the code for Python 2.7 just doesn't work that well anymore, or even at all. Running existing code on an outdated version of Python avoids quite a lot of challenges because you don't need to refactor: you're keeping your code just the way it was.

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
2022-07-10 22:23

The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication condition for projects deemed "Critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index said in a tweet last week.

Python packages with malicious code expose secret AWS credentials
2022-06-27 07:03

Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and environment variables. All those credentials and metadata then get uploaded to one or more endpoints, and anyone on the web can see this.

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys
2022-06-26 22:58

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma.

PyPi python packages caught sending stolen AWS keys to unsecured sites
2022-06-25 15:32

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.

Old Python package comes back to life and delivers malicious payload
2022-05-26 13:40

Python packages are generally updated often as their developers add new functionalities or features, remove bugs or increase stability. An old Python package named "Ctx," not updated since 2014, suddenly came back to life with new updates.

Poisoned Python and PHP packages purloin passwords for AWS access
2022-05-25 18:04

A keen-eyed researcher at SANS recently wrote about a new and rather specific sort of supply chain attack against open-source software modules in Python and PHP. Following on-line discussions about a suspicious public Python module, Yee Ching Tok noted that a package called ctx in the popular PyPi repository had suddenly received an "Update", despite not otherwise being touched since late 2014. In theory, of course, there's nothing wrong with old packages suddenly coming back to life.