silversurfer
A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems.
The malicious packages, discovered by Fortinet, were all uploaded by the same author named 'Lolip0p' between January 7 and 12, 2023. Their names are 'colorslib,' 'httpslib,' and 'libhttps.' All three have been reported and removed from the PyPI.
Unfortunately, even after removing those packages from the PyPI, threat actors can still re-upload them at a later time under a different name.
To ensure the safety and security of their projects, software developers should pay attention when selecting packages for download. This includes checking the package's authors and reviewing the code for any suspicious or malicious intent.
Malicious ‘Lolip0p’ PyPi packages install info-stealing malware
www.bleepingcomputer.com