- Security researchers discovered two software packages on PyPI that showed malicious intent
- These packages allow attackers to access systems and sensitive data
- Researchers warn developers to be careful when using third-party software packages
Experts warn that PyPI continues to be abused after researchers discovered more malware packages hidden on the platform.
In a report, Fortinet’s FortiGuard Labs described two software packages designed to steal people’s login credentials, grant unauthorized access to devices, and more.
Researchers said they observed Zebo-0.1.0 and Cometlogger-0.1, two software packages that disguise themselves as legitimate code but hide harmful functionality behind complex logic and obfuscation.
Smuggling malware
“The Zebo-0.1.0 script is a typical example of malware with features designed for surveillance, data exfiltration and unauthorized control,” the researchers explained. “Its use of libraries such as pynput and ImageGrab, as well as obfuscation techniques, demonstrates clear malicious intent.”
The Cometlogger-0.1 script, on the other hand, carries a different set of malicious behaviors, such as dynamic file manipulation, webhook injection, information theft, and anti-VM checks.
Both packages have been described as complex, persistent and dangerous.
Python is one of the most popular programming languages in the world, and PyPI is essentially its open-source code repository. Developers create packages of code and share them with peers through the platform. Other developers can then use these packages in their projects, reducing the time needed to write that functionality themselves.
This gives cybercriminals the opportunity to smuggle malicious code into countless projects through the software supply chain. Sometimes they hijack legitimate developer accounts and poison those developers’ packages; other times they upload packages that imitate popular ones, hoping that people will download the malicious package by mistake.
Open source is arguably more secure because code is easily scrutinized by the community at large, but researchers still recommend exercising caution and always verifying third-party scripts and executables before running them.
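A static pre-install triage check in the spirit of the advice above, written as an added example and not taken from the report or either package: it parses a Python source file and flags the indicators the article attributes to the two packages (pynput and ImageGrab imports, webhook URL literals, exec/eval fed by dynamically built code). The indicator list, the regex and the sample sources are constructed for illustration.

```python
import ast
import re

# Indicators drawn from the behaviours the report describes; an illustrative
# assumption, not an exhaustive rule set.
SUSPICIOUS_MODULES = {"pynput": "keystroke capture", "PIL.ImageGrab": "screen capture"}
WEBHOOK_RE = re.compile(r"https?://[^\s'\"]*webhook[^\s'\"]*", re.I)


def triage_source(source: str) -> list[str]:
    """Return human-readable findings for one Python source file (empty if clean)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Collect fully qualified import names, e.g. "PIL.ImageGrab" or "pynput.keyboard"
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            names = [f"{node.module}.{a.name}" for a in node.names]
        else:
            names = []
        for name in names:
            for mod, why in SUSPICIOUS_MODULES.items():
                if name == mod or name.startswith(mod + "."):
                    findings.append(f"import {name}: {why} (line {node.lineno})")
        # exec()/eval() whose argument is itself a call (e.g. base64.b64decode(...))
        # is a common way to hide the real payload behind obfuscation.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in {"exec", "eval"}
                and node.args and isinstance(node.args[0], ast.Call)):
            findings.append(f"{node.func.id}() on dynamically built code (line {node.lineno})")
        # Hard-coded webhook URLs are a typical exfiltration channel.
        if isinstance(node, ast.Constant) and isinstance(node.value, str) and WEBHOOK_RE.search(node.value):
            findings.append(f"webhook URL literal (line {node.lineno})")
    return findings


# Constructed samples: one mimicking the reported traits, one benign.
SAMPLE_SUSPICIOUS = '''
import base64
from pynput import keyboard
from PIL import ImageGrab
WEBHOOK = "https://example.invalid/api/webhooks/PLACEHOLDER"
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
'''
SAMPLE_BENIGN = "import json\ndata = json.loads('{}')\n"

if __name__ == "__main__":
    for label, src in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage_source(src) or "no findings")
```

Run it over the unpacked sdist or wheel contents before installing; a hit is a prompt for manual review, not proof of malice, since legitimate automation tools also use these libraries.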
In addition, enterprises should also put their networks behind firewalls and build intrusion detection systems to protect their infrastructure.