Researchers identified eight malicious Python libraries on PyPI web portal. According to the report, these packages were downloaded more than 30000 times. However, all the packages were removed from the portal after finding them containing malicious code for stealing credit cards and injecting code. Let’s see more about these malicious Python Libraries.
Table of Contents
We have been told several times, supply chain attacks are dramatically increasing these days. Because supply chain attacks are hard to identify and easy to compromise, this is quite obvious. People trust the vendor sites to download the packages and install them on their resources, assuming they are secure. To the sad, sometimes attackers succeed in hosting infected packages on the Vendor sites to launch the attack on the customers. This development in the cyber world made people no surprise even if their network gets infected from a genuine source.
What Is PyPI?
PyPI is the official third-party package repository for Python on which millions of Python packages are available for download. It is also called Python Package Index.
List Of Malicious Python Libraries Found On PyPI:
Lint of Malicious Python Libraries are listed below:
Package name | Maintainer | Payload |
---|---|---|
noblesse | xin1111 | Discord token stealer, Credit card stealer (Windows-based) |
genesisbot | xin1111 | Same as noblesse |
are | xin1111 | Same as noblesse |
suffer | suffer | Same as noblesse , obfuscated by PyArmor |
noblesse2 | suffer | Same as noblesse |
noblessev2 | suffer | Same as noblesse |
pytagora | leonora123 | Remote code injection |
pytagora2 | leonora123 | Same as pytagora |
What Is The Impact Of These Malicious Python Libraries?
The research found that these packages were found communicating with other malicious codes for plunder credit cards information, download other malware programs on the victim machine, steal passwords stored on the web browsers. Remote code executions, amass system information, steal discord authentication tokens to impersonate victims, injecting code, and maybe more.
What Should You Do If You Have Downloaded Any Of These Malicious Python Libraries?
Supply chain attacks are almost impossible to prevent and difficult to detect. However, we have to learn how to be safeguard from such attacks. We suggest a few things, which could help you stop these attacks and few action items to minimize the damage if you have downloaded any packages.
Precautions:
- Set up an identical pre-production environment and run the security test on the newly-downloaded software or packages.
- Always keep the backup up to date to restore if in case of breakdown.
Action items if you found infected:
- Isolate the infected machine.
- Remove the malicious Python packages from the machine.
- Check the saved password in the browsers and change these compromised passwords in each respective website. Go here to see the saved passwords in edge browser: edge://settings/passwords
- Check the saved card information on the browser. Cancel the card if saved. Go here to see the saved cards in Chrome: chrome://settings/payments
- Run the full scan with antimalware solutions.
- Restore the system if you have taken the backup.
Thanks for reading this post. Please share this post and help to secure the digital world.
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270011.html