PyPI

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – Go Health Pro

by
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal – Go Health Pro

Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it … Read more

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts – Go Health Pro

by
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts – Go Health Pro

Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads … Read more

Cryptocurrency Miner Found in PyPI Versions – Go Health Pro

by
Cryptocurrency Miner Found in PyPI Versions – Go Health Pro

Dec 07, 2024Ravie LakshmananSupply Chain Attack / Cryptocurrency In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) … Read more

Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware – Go Health Pro

by
Fake ChatGPT, Claude PyPI packages spread JarkaStealer malware – Go Health Pro

Malicious packages on the Python Package Index (PyPI), claiming to provide API access to OpenAI’s ChatGPT and Anthropic’s Claude AI models, were discovered by Kaspersky researchers to contain the JarkaStealer infostealer malware, the cybersecurity company said in a blog post Thursday.   The packages, named “gptplus” and “claudeai-eng,” were both uploaded by a user called … Read more

Rogue PyPI Library Solana Customers, Steals Blockchain Pockets Keys – Go Well being Professional

by
Rogue PyPI Library Solana Customers, Steals Blockchain Pockets Keys – Go Well being Professional

Aug 11, 2024Ravie LakshmananProvide Chain / Software program Safety Cybersecurity researchers have found a brand new malicious bundle on the Python Bundle Index (PyPI) repository that masquerades as a library from the Solana blockchain platform however is definitely designed to steal victims’ secrets and techniques. “The professional Solana Python API mission is named ‘solana-py’ on … Read more

x