Malicious packages published under PyPI registry steal personal data of thousands

The Python Package Index (PyPI) registry removed several Python packages this week that were designed to steal users’ credit card numbers and Discord tokens and to give threat actors code execution capabilities. These malicious packages were posted under three different PyPI accounts and are estimated to have been downloaded more than 30,000 times.


These packages were analyzed by researchers Andrey Polkovnichenko, Omer Kaspi and Shachar Menashe, who captured the PyPI log and divided the packages into the following categories:

According to the analysis, most of the packages are capable of stealing Discord tokens, payment card numbers, and web browser-related files that could facilitate remote code execution attacks. Contrary to what you might think, all the packages identified employ very simple obfuscation techniques, probably written by novice developers.

Those responsible for this hacking campaign did not just experiment with obfuscation, but also devised new methods for the distribution of the malicious code: “This malware family is falsely advertised as optimization packages, sending potential victims messages like ‘This module optimizes your PC for Python’ across multiple platforms,” the experts mention.

The attack becomes more dangerous considering that a large number of users usually store this sensitive information in their web browsers in order to save time when performing transactions or logging into the various online platforms. A separate report also noted the removal of some npm packages designed to steal Chrome users’ credentials through abuse of legitimate password recovery tools.

On the other hand, a report by the European Union Agency for Cybersecurity (ENISA) notes that 66% of attacks focus on the provider’s code, and that an increase of up to 400% in supply chain attacks is expected by the end of 2021.


The post Malicious packages published under PyPI registry steal personal data of thousands appeared first on Cyber Security News | Exploit One | Hacking News.

By admin