Python
Python rejects $1.5M grant from U.S. govt. fearing ethical compromise
The Python Software Foundation (PSF) has withdrawn its $1.5 million grant proposal to the U.S. National Science Foundation (NSF) due to funding terms forcing a compromise on its commitment to diversity, equity, and inclusion. The funding would come through NSF’s Safety, Security, and Privacy of Open Source Ecosystems program, an initiative that finances research and development efforts […]
PyPI urges users to reset credentials after new phishing attacks
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default source for Python’s package management tools, hosting hundreds of thousands of packages and providing developers with a centralized platform to distribute third-party software […]
PyPI now blocks domain resurrection attacks used for hijacking accounts
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for open-source Python packages. It is used by software developers, product maintainers, and companies working with Python libraries, tools, and frameworks. Accounts of project maintainers publishing software on PyPI are […]
Hackers target Python devs in phishing attacks using fake PyPI site
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a repository for Python packages, accessible at pypi.org, that offers a centralized platform for developers to distribute and install third-party software libraries. It hosts hundreds […]
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Named “discordpydebug,” the package was masquerading as an error logger utility for developers working on Discord bots and was downloaded over 11,000 times since it was uploaded on March 21, 2022, even […]
Malicious PyPI packages abuse Gmail, websockets to hijack systems
Seven malicious PyPi packages were found using Gmail’s SMTP servers and WebSockets for data exfiltration and remote command execution. The packages were discovered by Socket’s threat research team, who reported their findings to the PyPI, resulting in the removal of the packages. However, some of these packages were on PyPI for over four years, and based […]
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named ‘disgrasya’ that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. The script specifically targeted WooCommerce stores using the CyberSource payment gateway to validate cards, which is a key step for carding actors who need to evaluate thousands of stolen […]
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named “set-utils” has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. The package disguises itself as a utility for Python, mimicking the popular “python-utils,” which has over 712 million downloads, and “utils,” which counts over 23.5 million installs. Researchers […]
Malicious PyPi package steals Discord auth tokens from devs
A malicious package named ‘pycord-self’ on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The package mimics the highly popular ‘discord.py-self,’ which has nearly 28 million downloads, and even offers the functionality of the legitimate project. The official package is a Python […]
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to application security company Socket, the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux. The large number of downloads is accounted by fabrice typosquatting the […]