Search cyberveille.decio.ch

Python Crypto Library Updated to Steal Private Keys

Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean

#phylum #EN #2024 #Python #Crypto #Library #PyPI #malicious #code #aiocpa #Supply-chain-attack

·blog.phylum.io·Nov 29, 2024

Python Crypto Library Updated to Steal Private Keys

Malicious Python Package Targets macOS Developers

A package called “lr-utils-lib” was uploaded to PyPi in early June 2024, containing malicious code that executes automatically upon installation. The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data. The harvested credentials are sent to a remote server.

#checkmarx #EN #2024 #macOS #stealer #Supply-chain-attack #PyPI #pypi-malware #lr-utils-lib #developpers

·checkmarx.com·Jul 29, 2024

Malicious Python Package Targets macOS Developers

Iraq-based cybercriminals deploy malicious Python packages to steal data

An information-stealing script embedded in a Python package on the popular repository PyPI appears to be connected to a cybercriminal operation based in Iraq, according to researchers at Checkmarx.

#therecord.media #EN #2024 #PyPI #Python #Infostealer #Supply-chain-attack

·therecord.media·Jul 18, 2024

Iraq-based cybercriminals deploy malicious Python packages to steal data

Russia-linked 'Lumma' crypto stealer now targets Python devs

Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.

#sonatype #EN #2024 #PyPI #Lumma #Python #cryptocurrency #developers

·sonatype.com·Jun 9, 2024

Russia-linked 'Lumma' crypto stealer now targets Python devs

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware.

#bleepingcomputer #EN #2024 #Information-stealing-malware #Packages #PyPI #Python #Stack-OverFlow #pytoileur

·bleepingcomputer.com·May 30, 2024

Cybercriminals pose as "helpful" Stack Overflow users to push malware

Malicious PyPI packages targeting highly specific MacOS machines

In this post, we analyze a cluster of malicious PyPI packages targeting specific MacOS machines.

#datadoghq #EN #2024 #macos #PyPI #packages #Supply-chain-attack

·securitylabs.datadoghq.com·May 24, 2024

Malicious PyPI packages targeting highly specific MacOS machines

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

PyPI halted new users and projects while it fended off supply-chain attack

Automation is making attacks on open source code repositories harder to fight.

#arstechnica #EN #2024 #PyPI #Automation #malicious #packages #attack

·arstechnica.com·Mar 28, 2024

PyPI halted new users and projects while it fended off supply-chain attack

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Info Stealing Packages Hidden in PyPI

An info-stealing PyPI malware author was identified discreetly uploading malicious packages.

#FortiGuard-Labs-Threat-Research #fortinet #2024 #EN #PyPI #malware #Supply-chain-attack

·fortinet.com·Jan 23, 2024

Info Stealing Packages Hidden in PyPI

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

FortiGuard Labs cover the attack phases of three new PyPI packages that bear a resemblance to the culturestreak PyPI package discovered earlier this year. Learn more.

#fortinet #EN #2023 #FortiGuard-Labs-Threat-Research #Supply-chain-attack #PyPI #Packages #CoinMiner

·fortinet.com·Jan 5, 2024

Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

A pernicious potpourri of Python packages in PyPI

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

#welivesecurity #EN #2023 #Python #packages #malicious #PyPI

·welivesecurity.com·Dec 15, 2023

A pernicious potpourri of Python packages in PyPI

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Uncovering thousands of unique secrets in PyPI packages

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.

#gitguardian #EN #2023 #GitGuardian #PyPI #research #hardcoded #credentials #secret #packages

·blog.gitguardian.com·Nov 16, 2023

Uncovering thousands of unique secrets in PyPI packages

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack

During the month of September, an attacker operating under the pseudonym "kohlersbtuh15", attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and the code contained within them, it appears that this attacker targeted developers that use Aliyun services (Alibaba Cloud), telegram, and AWS.

#checkmarx #EN #2023 #PyPi #Supply-chain-attack #kohlersbtuh15

·checkmarx.com·Oct 13, 2023

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Malicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.

#securityweek #EN #2023 #macos #phylum #PyPI #NPM #Ruby #Supply-Chain-Attack

·securityweek.com·Sep 6, 2023

Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

Phylum has identified a malware campaign spanning PyPI, npm and RubyGems. Delivering early stage malware to users.

#phylum #EN #2023 #Supply-Chain-Attack #npm #PyPI #RubyGems #macOS

·blog.phylum.io·Sep 6, 2023

Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

In early August, ReversingLabs identified a malicious supply chain campaign that the research team dubbed “VMConnect.” That campaign consisted of two dozen malicious Python packages posted to the Python Package Index (PyPI) open-source repository. The packages mimicked popular open-source Python tools, including vConnector, a wrapper module for pyVmomi VMware vSphere bindings; eth-tester, a collection of tools for testing Ethereum-based applications; and databases, a tool that gives asynchronous support for a range of databases.

#securityboulevard #EN #2023 #Supply-Chain-Attack #VMConnect #PyPI

·securityboulevard.com·Sep 1, 2023

VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

#sonatype #EN #2023 #PyPI #malware #Supply-Chain-Attack

·blog.sonatype.com·Jun 23, 2023

PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

#PyPI #ctx #PHP #supplychain #attack #sonatype #EN #2022 #exfiltration #steal #Supply-chain-security

·blog.sonatype.com·May 25, 2022

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables