1. Forum
  2. tqwNet
  3. TQW GENTECH

  • More malicious Python packages are on the loose, experts warn

    From TechnologyDaily@1337:1/100 to All on Tuesday, December 24, 2024 10:45:05
    More malicious Python packages are on the loose, experts warn

    Date:
    Tue, 24 Dec 2024 10:42:51 +0000

    Description:
    Two new packages were found on PyPI stealing data and granting access.

    FULL STORY ======================================================================Security
    researchers found two packages on PyPI, showing malicious intent The
    packages grant the attackers access to systems and sensitive data The researchers warn developers to exercise caution when using third-party packages

    Experts have warned PyPI continues to be abused after researchers discovered more malicious packages hiding on the platform.

    A report from Fortinets FortiGuard Labs discovered two packages designed to steal peoples login credentials, grant unauthorized access to devices, and more.

    The researchers says they observed Zebo-0.1.0, and Cometlogger-0.1, two packages that masquerade as legitimate code, but hide harmful features behind complex logic and obfuscation. Smuggling malware

    The Zebo-0.1.0 script is a typical example of malware , with functions designed for surveillance, data exfiltration, and unauthorized control, the researchers explained. It uses libraries like pynput and ImageGrab, along
    with obfuscation techniques, indicating clear malicious intent.

    The Cometlogger-0.1 script, on the other hand, comes with a different set of malicious behavior, such as dynamic file manipulation, webhook injection, infostealing, and anti-VM checks.

    Both packages are described as sophisticated, persistent, and dangerous.

    Python is one of the worlds most popular programming languages, and by
    nature, PyPI is one of the worlds most popular open source code repositories. Developers build code blocks and share with their peers via the platform. Other developers can then use those blocks on their projects, cutting down on time necessary to code out different features.

    This gives cybercriminals an opportunity to smuggle malicious code, and
    infect countless projects through the software supply chain. Sometimes, they would break into legitimate developer accounts and poison their solutions and other times they would typosquat popular solutions in hopes people would mistakenly download the malicious package.

    Open-source is arguably more secure, since the code is susceptible to
    scrutiny from the entire community, but researchers still advise caution, and always verify third-party scripts and executables before running.

    Furthermore, businesses should also keep their networks behind firewalls, and set up intrusion detection systems to safeguard their infrastructure. You might also like AWS keys stolen by malicious PyPI package with thousands of downloads Here's a list of the best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/more-malicious-python-packages-are-on-t he-loose-experts-warn


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)