Packages

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data – Go Health Pro

by
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data – Go Health Pro

Apr 05, 2025Ravie LakshmananMalware / Supply Chain Attack Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package … Read more

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – Go Health Pro

by
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – Go Health Pro

Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it … Read more

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts – Go Health Pro

by
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts – Go Health Pro

Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads … Read more

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack – Go Health Pro

by
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack – Go Health Pro

Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of … Read more

Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware – Go Health Pro

by
Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware – Go Health Pro

Malicious packages on the Python Package Index (PyPI), claiming to provide API access to OpenAI’s ChatGPT and Anthropic’s Claude AI models, were discovered by Kaspersky researchers to contain the JarkaStealer infostealer malware, the cybersecurity company said in a blog post Thursday.   The packages, named “gptplus” and “claudeai-eng,” were both uploaded by a user called … Read more