Malicious package flood on PyPI might be sign of new attacks to come

Over the weekend an attacker has been uploading thousands of malicious Python packages on the public PyPI (Python Package Index) software repository. If executed on a Windows system, these packages will download and install a Trojan program hosted on Dropbox.

Flooding public package repositories with malicious packages is not entirely new. Last year researchers detected a group of 186 packages from the same account on the JavaScript npm repository that were designed to install cryptomining software on Linux systems. However, according to researchers on Twitter, this new incident on PyPI was much larger in scope and involved over 5,000 packages, as the attacker kept pushing new ones as the PyPI maintainers were finding and removing the already published ones. So this might be a sign of future attacks to come.

To read this article in full, please click here