More PyPI packages hacked following phishing attack
Date:
Fri, 26 Aug 2022 14:26:52 +0000
Description:
Package maintainers gave away login credentials, which were then used to
taint packages with malicious code.
FULL STORY ======================================================================
Scammers have tricked PyPI Python package maintainers into giving away their login credentials, then used the passwords to log in and taint the packages with malware, experts have claimed.
The news was confirmed by Django project board member Adam Johnson, who was targeted himself, with "hundreds of packages being affected".
According to the report, an unknown threat actor sent out phishing emails to package maintainers, claiming they needed to validate themselves or their packages would be removed from the platform. Johnson said clicking on the link in the email sent the targets to a fairly convincing phishing site.
Hundreds of tainted packages
Some maintainers fell for it, the report says, giving their login credentials to the fraudsters. They used that information to hijack several hundred packages, which were later removed from the platform, it was confirmed. Among the malicious things the code does is exfiltrating the endpoint's computer name to the domain linkedopports[.]com and downloading a trojan.
"We're actively reviewing reports of new malicious releases, and ensuring
that they are removed and the maintainer accounts restored," says PyPI.
"We're also working to provide security features like 2FA more prevalent across projects on PyPI."
PyPI, the world's largest Python code repository, with more than 600,000
active users, has been under a barrage of attacks lately. Less than a month ago, researchers found almost a dozen malicious packages, all typosquats. Typosquatting is a malware distribution technique in which the malicious package has a name almost identical to the authentic one, differing only by a small typo, which might trick developers into downloading and using it instead of the authentic package.
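As an added example (not code from the article or from PyPI), the following script shows the kind of check a team can run over a requirements file to catch typosquats of the sort described above: every name is normalized the way PyPI does (PEP 503) and compared against a list of well-known packages by edit distance, so a name that is close to, but not exactly, a trusted one is flagged. The known-package set and the requirements lines are constructed samples; a real deployment would load the top-N list from PyPI download statistics.

```python
"""Flag requirement entries that are a small edit away from a well-known
PyPI package name (typosquat check). Added example, not from the article."""
import re

# Constructed sample of well-known package names (a real check would load
# the top-N list from PyPI download statistics).
KNOWN_PACKAGES = {"requests", "numpy", "django", "urllib3", "colorama", "pillow"}

# Constructed sample requirements file, with three deliberate typosquats.
SAMPLE_REQUIREMENTS = [
    "requests==2.28.1",
    "reqeusts",                       # adjacent-letter swap of requests
    "numpy>=1.23",
    "nmpy",                           # dropped letter from numpy
    "colourama  # british spelling",  # extra letter in colorama
    "Pillow==9.0",                    # same package, different casing
    "flask",                          # not in the list, not close to any
]


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive; '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposition of two adjacent letters
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def suspicious_names(requirement_lines, known=KNOWN_PACKAGES, max_distance=2):
    """Return (name, closest_known) pairs for names that are near, but not
    exactly, a known package. Exact (normalized) matches are trusted."""
    flagged = []
    for line in requirement_lines:
        spec = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not spec:
            continue
        name = normalize(re.split(r"[\s\[<>=!~;]", spec, maxsplit=1)[0])
        if name in known:
            continue
        closest = min(known, key=lambda k: edit_distance(name, k))
        if edit_distance(name, closest) <= max_distance:
            flagged.append((name, closest))
    return flagged
```

Flagged names are candidates for review, not proof of malice; a legitimate fork or a genuinely unrelated short name can also sit within two edits of a popular package.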
Just last week, another dozen malicious packages were discovered, whose goal was to steal sensitive data stored in browsers, install backdoors into the Discord client, and steal authentication tokens and payment data.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/more-pypl-packages-hacked-following-phishing-attack/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)