Hundreds of malicious PyPI packages are spreading havoc online

A recent malware campaign that leveraged PyPI to steal people’s cryptocurrency is not only still active, but has significantly expanded in...

A recent malware campaign that leveraged PyPI to steal people’s cryptocurrency is not only still active, but has significantly expanded in the last three months. 

According to a new report from cybersecurity researchers Phylum, the threat actors would create malicious Python packages and upload them to PyPI, the programming language’s largest code repository.

Developers would then download these packages to speed up the development process, effectively compromising themselves and everyone who uses their products.

PyPl typosquatting

The threat actors would engage in typosquatting - a technique where the malicious package has a name almost identical to a legitimate package, with the difference being in just one letter or symbol. That way, the developers that mistype the name as they look for specific packages could end up unknowingly infecting their products. Furthermore, should they search for packages and come up with multiple ones with similar names, they might not have the time or the patience to analyze them thoroughly. 

When this campaign was first spotted in 2022, the researchers found exactly 27 packages - but this number has now swollen to 451. The threat actors would impersonate some of the more popular packages, each of which would have between 13 and 38 typosquatted versions.

Those that download the malicious package could end up having their cryptocurrency stolen. The malware would install an add-on to some of the most popular browsers (Chrome, Edge, Brave, Opera), which would monitor the clipboard for cryptocurrency addresses. If it spots one, it would replace it with another address that’s hardcoded to the add-on during pasting.

The idea is that people don’t memorize crypto wallets, but rather copy/paste them when sending funds. Wallet addresses are a long string of random characters, making it virtually impossible to remember one. It also means that when copying and pasting one, the address can be swapped out relatively easily, without the victim noticing anything (unless they inspect both addresses to make sure they’re identical, which is a recommended best practice). 

Users that are not careful can easily end up losing all of their cryptos in a transaction that cannot be reversed (unless it was sent out to a third party such as an exchange, which is highly unlikely). 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/p4gl7HI
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Hundreds of malicious PyPI packages are spreading havoc online
Hundreds of malicious PyPI packages are spreading havoc online
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/02/hundreds-of-malicious-pypi-packages-are.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/02/hundreds-of-malicious-pypi-packages-are.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy