The Hacker News19 小时
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data.
The Hacker News22 天
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring ...
Bleeping Computer1 个月
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon ...
More malicious Python packages are on the loose, experts warn
Security researchers found two packages on PyPI, showing malicious intent The packages grant the attackers access to systems and sensitive data The researchers warn developers to exercise caution when ...
GitHub2 年
DataDog/guarddog: GuardDog is a CLI tool to Identify malicious PyPI packages
GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages or Go modules. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata ...