malicious Python package
PyPi package with 100K installs pirated music from Deezer for years
A malicious PyPi package named ‘automslc’ has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. Deezer is a music streaming service available in 180 countries that offers access to over 90 million tracks, playlists, and podcasts. It is offered via […]
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to application security company Socket, the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux. The large number of downloads is accounted by fabrice typosquatting the […]