1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Python programming libraries found hiding security threats

    From TechnologyDaily@1337:1/100 to All on Mon Aug 15 16:15:04 2022
    Python programming libraries found hiding security threats

    Date:
    Mon, 15 Aug 2022 14:59:00 +0000

    Description:
    Someone's been typosquatting their way into Python products, stealing developers' data in the process.

    FULL STORY ======================================================================

    Threat actors have been using typosquatting to attack Python developers with malware, researchers have claimed.

    Experts from Spectralops.io recently analyzed PyPI, a software repository for Python programmers, and found ten malicious packages on the platform. All of these were given names that are almost identical to the names of legitimate packages in order to dupe developers into downloading, and adopting, the tainted ones.

    This type of attack is called typosquatting, and is a common occurrence among cybercriminals. Its not used just on code repositories (although weve seen numerous instances on GitHub, for example, in the past), but also in phishing emails , fake websites, and in identity theft. Thousands of developers at
    risk

    Should the victims adopt these packages, theyd be giving threat actors keys
    to their kingdoms, given that the malware enables private data theft, as well as the theft of developer credentials. The attackers would then send the data to a third party, with the victims never knowing what happened. As of today, Spectralops reminds, PyPi has more than 600,000 active users, suggesting that the threat landscape is quite large.

    These attacks rely on the fact that the Python installation process can include arbitrary code snippets, which is a place for malicious players to
    put their malicious code at, explained Ori Abramovsky, Data Science Lead at Spectralops.io. We discovered it using machine learning models which analyze the code of these packages and auto alert on the malicious ones.

    Heres the full list of the affected packages: Ascii2text Pyg-utils, Pymocks and PyProto2 Test-async Free-net-vpn and Free-net-vpn2 Zlibsrc Browserdiv, WINRPCexpoit Read more

    Tackling malicious domains and typosquatting


    Simple supply chain attack compromises hundreds of websites and apps


    Here's what we think are the best firewalls right now

    The researchers reached out to PyPI which, soon after, removed the malicious packages from its repository. Still, developers that downloaded them in the past are still at risk, and should refresh their passwords and other login credentials, just in case.

    Whats remarkable here is just how common these malicious packages are, Abramovsky continued. They are simple, yet dangerous. Personally, once I encountered these types of attacks, I started double checking every Python package I use. Sometimes I even download it and manually observe its code prior to installing it. Keep your business safe with the best endpoint protection



    ======================================================================
    Link to news story: https://www.techradar.com/news/python-programming-libraries-found-hiding-secur ity-threats/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)