
Python Developers Warned of Trojanized PyPI Packages Mimicking Common Libraries

Feb 23, 2023 | Ravie Lakshmanan | Software Security / Supply Chain Attack

Cybersecurity researchers are warning of “imposter packages” mimicking popular libraries available on the Python Package Index (PyPI) repository.

The 41 malicious PyPI packages pose as typosquatted variants of legitimate modules such as http, aiohttp, httpx, requests, urllib, and urllib3.

The package names listed include:

aio5, aio6, htps1, httiop, httops, httplat, httpscolor, httpsing, httpslib, httpsos, httpsp, httpssp, httpssus, httpsus, httpxgetter, httpxmodifier, httpxrequester, httpxrequesterv2, httpxv2, httpxv3, libhttps, piphttps, pohttp, requestsd, requestse, requestst, ulrlib3, urelib3, urklib3, urlkib3, urllb, urllib33, urolib3, xhttpsp

“The descriptions for these packages, for the most part, don’t hint at their malicious intent,” ReversingLabs researcher Lucija Valentić said in a new writeup. “Some are disguised as real libraries and make flattering comparisons between their capabilities and those of known, legitimate HTTP libraries.”

In reality, they are either downloaders that act as a conduit for delivering second-stage malware to the infected host, or information stealers designed to exfiltrate sensitive data such as passwords and tokens.

Fortinet, which disclosed similar rogue HTTP-themed packages on PyPI earlier the same week, noted that they launch a trojan downloader which in turn carries a DLL file (Rdudkye.dll) packing a variety of functions.

The development is just the latest attempt by malicious actors to poison open source repositories like GitHub, npm, PyPI, and RubyGems to propagate malware to developer systems and mount supply chain attacks.

The findings come a day after Checkmarx detailed a surge in spam packages in the open source npm registry that are designed to redirect victims to phishing links.

“As with other supply chain attacks, malicious actors are counting on typosquatting creating confusion and counting on incautious developers to embrace malicious packages with similar-sounding names by accident,” Valentić said.
