Malicious PyPI Packages Infect Thousands of Windows and Linux Systems

TL;DR Summary
Researchers have discovered 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. The packages have been downloaded over 10,000 times since May 2023. The attackers use various techniques to bundle the malicious code into Python packages, with the goal of compromising the targeted host with malware capable of remote command execution, data exfiltration, and taking screenshots. This is the latest in a series of compromised Python packages used for supply chain attacks, highlighting the need for developers to thoroughly vet the code they download.
- 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems (The Hacker News)
- A pernicious potpourri of Python packages in PyPI (We Live Security)
- Cyber Briefing: 2023.12.15. 👉 What are the latest cybersecurity… | by CyberMaterial | Dec, 2023 (Medium)
- Over 10K downloads amassed by malicious PyPi packages (SC Media)
- PyPI Repository Malware Infects Windows Systems (Spiceworks News and Insights)