Hundreds of malicious PyPI packages are spreading havoc online
Date:
Tue, 14 Feb 2023 20:05:49 +0000
Description:
Malicious PyPI packages are on the hunt for copied crypto wallet addresses.
FULL STORY ======================================================================
A recent malware campaign that leveraged PyPI to steal peoples cryptocurrency is not only still active, but has significantly expanded in the last three months.
According to a new report from cybersecurity researchers Phylum, the threat actors would create malicious Python packages and upload them to PyPI, the programming languages largest code repository.
Developers would then download these packages to speed up the development process, effectively compromising themselves and everyone who uses their products. PyPl typosquatting
The threat actors would engage in typosquatting - a technique where the malicious package has a name almost identical to a legitimate package, with the difference being in just one letter or symbol. That way, the developers that mistype the name as they look for specific packages could end up unknowingly infecting their products. Furthermore, should they search for packages and come up with multiple ones with similar names, they might not have the time or the patience to analyze them thoroughly.
When this campaign was first spotted in 2022, the researchers found exactly
27 packages - but this number has now swollen to 451. The threat actors would impersonate some of the more popular packages, each of which would have between 13 and 38 typosquatted versions. Read more
More PyPI packages stealing data have been discovered
Malicious PyPi packages turn Discord into password-stealing malware
Check out the best ransomware protection
Those that download the malicious package could end up having their cryptocurrency stolen. The malware would install an add-on to some of the
most popular browsers (Chrome, Edge, Brave, Opera), which would monitor the clipboard for cryptocurrency addresses. If it spots one, it would replace it with another address thats hardcoded to the add-on during pasting.
The idea is that people dont memorize crypto wallets, but rather copy/paste them when sending funds. Wallet addresses are a long string of random characters, making it virtually impossible to remember one. It also means
that when copying and pasting one, the address can be swapped out relatively easily, without the victim noticing anything (unless they inspect both addresses to make sure theyre identical, which is a recommended best practice).
Users that are not careful can easily end up losing all of their cryptos in a transaction that cannot be reversed (unless it was sent out to a third party such as an exchange, which is highly unlikely). These are the best endpoint protection tools right now
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/hundreds-of-malicious-pypi-packages-are-spreadi ng-havoc-online
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)