• Some official Python repos were infected with malware

    From TechnologyDaily@1337:1/100 to All on Thu Jun 24 13:45:03 2021

    Date:
    Thu, 24 Jun 2021 12:31:37 +0000

    Description:
    Malicious packages find their way into PyPI once again.

    FULL STORY ======================================================================

    Cybersecurity researchers recently discovered half a dozen typosquatting packages in the official PyPI repository of the Python programming language that contained cryptomining malware.

    The discovery was made by software supply chain automation and security provider Sonatype, which found six malicious packages that used slight variations in the names of popular Python packages to capitalize on users' spelling mistakes.

    In all, the six counterfeit packages garnered over 5000 downloads, once again highlighting the threat to software supply chains.

    "Our analysis tools are consistently catching and blocking counterfeit and malicious software components before they strike modern software supply chains," writes Sonatype security researcher Ax Sharma.

    Sharma's analysis shows the fake packages were all submitted by the same author, some dating as far back as April 2021.

    This isn't the first time malicious users have managed to infuse dubious packages inside PyPI, and Sonatype argues it won't be the last, however unfortunate that might sound.

    Reporting on the development, Ars Technica notes the previous attacks on
    PyPI, adding that malicious code has been found lurking in other public repositories as well, such as RubyGems for the Ruby programming language and npm for the JavaScript language.

    While they shouldn't be taken lightly, the revelations can quickly turn ugly when viewed in the context of the recent Veracode finding that suggests a
    majority of developers never update third-party open source libraries after including them in a codebase.



    ======================================================================
    Link to news story: https://www.techradar.com/news/official-python-repos-contained-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)