pypi Archives - Developer Tech News https://www.developer-tech.com/news/tag/pypi/ Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT Fri, 04 Aug 2023 11:05:47 +0000 en-GB hourly 1 https://www.developer-tech.com/wp-content/uploads/sites/3/2020/09/dev-icon-60x60.png pypi Archives - Developer Tech News https://www.developer-tech.com/news/tag/pypi/ 32 32 Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign https://www.developer-tech.com/news/2023/aug/04/malicious-pypi-package-ongoing-paperpin-campaign/ https://www.developer-tech.com/news/2023/aug/04/malicious-pypi-package-ongoing-paperpin-campaign/#respond Fri, 04 Aug 2023 11:05:45 +0000 https://www.developer-tech.com/?p=44995 In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named ‘VMConnect’ was discovered masquerading as the legitimate VMware vSphere connector module ‘vConnector’. The counterfeit package was found to contain sinister code designed to compromise users’ systems. Further investigation revealed an ongoing campaign involving additional packages like “ethter” and “quantiumbase,” all... Read more »

The post Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/aug/04/malicious-pypi-package-ongoing-paperpin-campaign/feed/ 0
Sonatype uncovers further malicious PyPI and npm packages https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/ https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/#respond Fri, 23 Jun 2023 15:47:27 +0000 https://www.developer-tech.com/?p=44763 Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries. Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm “colors” library. The malicious packages, including names such as “broke-rcl,” “brokescolors,” and “trexcolors,” exclusively targeted the Windows operating... Read more »

The post Sonatype uncovers further malicious PyPI and npm packages appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/jun/23/sonatype-uncovers-further-malicious-pypi-npm-packages/feed/ 0
PyPI suspends new projects and users due to malicious activity https://www.developer-tech.com/news/2023/may/22/pypi-suspends-new-projects-and-users-malicious-activity/ https://www.developer-tech.com/news/2023/may/22/pypi-suspends-new-projects-and-users-malicious-activity/#respond Mon, 22 May 2023 15:31:24 +0000 https://www.developer-tech.com/?p=44601 The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity. This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the NPM JavaScript package manager and a... Read more »

The post PyPI suspends new projects and users due to malicious activity appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/may/22/pypi-suspends-new-projects-and-users-malicious-activity/feed/ 0
PyPI will sell ‘Organization’ accounts to corporate projects https://www.developer-tech.com/news/2023/apr/24/pypi-sell-organization-accounts-corporate-projects/ https://www.developer-tech.com/news/2023/apr/24/pypi-sell-organization-accounts-corporate-projects/#respond Mon, 24 Apr 2023 14:49:43 +0000 https://www.developer-tech.com/?p=44491 Python Packaging Index (PyPI) has announced the introduction of ‘Organization’ accounts, as the first step in its plan to build financial support and long-term sustainability. Organizations on PyPI are self-managed teams with exclusive branded web addresses. PyPI aims to make its platform easier to use for large community projects, organisations, or companies that manage multiple... Read more »

The post PyPI will sell ‘Organization’ accounts to corporate projects appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/apr/24/pypi-sell-organization-accounts-corporate-projects/feed/ 0
Clipper malware found in over 451 PyPI packages https://www.developer-tech.com/news/2023/feb/15/clipper-malware-found-in-over-451-pypi-packages/ https://www.developer-tech.com/news/2023/feb/15/clipper-malware-found-in-over-451-pypi-packages/#respond Wed, 15 Feb 2023 17:16:49 +0000 https://www.developer-tech.com/?p=44302 Phylum security researchers have discovered over 451 packages on the Python Package Index (PyPI) that are infected with “clipper” malware. Clippers replace the contents of a victim’s clipboard with something which benefits the attacker. The most prevalent clippers today look for cryptocurrency addresses and modify them to steal funds. Starting on February 9th, Phylum was... Read more »

The post Clipper malware found in over 451 PyPI packages appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2023/feb/15/clipper-malware-found-in-over-451-pypi-packages/feed/ 0
Malware campaign targets official Python and JavaScript repos https://www.developer-tech.com/news/2022/dec/13/malware-campaign-targets-official-python-javascript-repos/ https://www.developer-tech.com/news/2022/dec/13/malware-campaign-targets-official-python-javascript-repos/#respond Tue, 13 Dec 2022 16:38:38 +0000 https://www.developer-tech.com/?p=44138 An active malware campaign is targeting official Python and JavaScript repositories. Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package. Typosquats take advantage of simple typos to install malicious packages. In this case, the... Read more »

The post Malware campaign targets official Python and JavaScript repos appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2022/dec/13/malware-campaign-targets-official-python-javascript-repos/feed/ 0
PyPI maintainers warn of ongoing phishing attack https://www.developer-tech.com/news/2022/aug/25/pypi-maintainers-warn-ongoing-phishing-attack/ https://www.developer-tech.com/news/2022/aug/25/pypi-maintainers-warn-ongoing-phishing-attack/#respond Thu, 25 Aug 2022 14:30:41 +0000 https://www.developer-tech.com/?p=43743 The maintainers of the Python Package Index (PyPI) have warned of an ongoing phishing attack targeting users. “Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” wrote the maintainers in a tweet. A phishing email is sent to users warning that PyPI is implementing... Read more »

The post PyPI maintainers warn of ongoing phishing attack appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2022/aug/25/pypi-maintainers-warn-ongoing-phishing-attack/feed/ 0
PyPI package installs cryptominer on Linux systems https://www.developer-tech.com/news/2022/aug/15/pypi-package-installs-cryptominer-on-linux-systems/ https://www.developer-tech.com/news/2022/aug/15/pypi-package-installs-cryptominer-on-linux-systems/#respond Mon, 15 Aug 2022 11:36:57 +0000 https://www.developer-tech.com/?p=43719 A malicious PyPI package was used to install a Monero cryptominer on Linux systems. The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”. Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further... Read more »

The post PyPI package installs cryptominer on Linux systems appeared first on Developer Tech News.

]]>
https://www.developer-tech.com/news/2022/aug/15/pypi-package-installs-cryptominer-on-linux-systems/feed/ 0