• Info Stealing Packages Hidden in PyPI

    #2632451

    https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi

    The identified packages—nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111—exhibit attack methodologies similar to those outlined in a Checkmarx blog post published four months ago.

    HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
    Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB

    HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
    Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB
    1 user thanked author for this post.
    • #2632453

      Hey All,

      FYI: PyPI = Python Package Index. Yeah, I had to look it up!

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      4 users thanked author for this post.
    • #2633007

      You are only at risk if you are a Python developer and download a malicious package from PyPI. Us mere mortals can relax.

      cheers, Paul

      1 user thanked author for this post.