Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


Credit-card stealing malware found in official Python repository

Image Description

Cybersecurity researchers have once again found malicious packages lurking in Python’s official repository, PyPI.

According to estimates from the security research team at DevOps specialists JFrog, the eight malicious Python packages were downloaded more than 30,000 times. 

The researchers’ analysis reveals that the tainted packages are designed to sniff out credit card information that’s usually auto-saved by some popular web browsers including Chrome and Edge.

“The continued discovery of malicious software packages in popular repositories like PyPI is an alarming trend that can lead to widespread supply chain attacks. The ability for attackers to use simple obfuscation techniques to introduce malware means developers have to be concerned and vigilant,” observed Asaf Karas, CTO, Security at JFrog.

Checks and controls

PyPI has purged the packages after being alerted by JFrog. 

According to the JFrog, in addition to siphoning credit card details, the packages also scraped tokens of the Discord messaging platform, which could be used to impersonate the user. 

PyPI has been at the receiving end of several campaigns to poison the repository with malicious packages. Earlier this year in June, PyPI was purged of half a dozen typosquatting packages that contained cryptomining malware, and a month before that the repository was flooded with spam packages.

In fact, a recent study revealed that almost half of the packages in PyPI have one or more security issues.

The researchers believe a lack of moderation and automated security controls in PyPI and other public software repositories makes it fairly straightforward for threat actors to inject malicious code.

JFrog suggests that developers must integrate preventive measures such as verification of library signatures in their CI/CD pipelines, along with tools that scan for suspicious code.

“This is a systemic threat, and it needs to be actively addressed on several layers, both by the maintainers of software repositories and by the developers,” believes Karas.


02 Aug 2021



Other Blog

  • Dell XPS 13 deals are starting at just $579 this weekend

    This weekend Dell is offering up some the cheapest Dell XPS laptop deals we've seen yet.

    Read More
  • Microsoft issues warning against dangerous new phishing campaign

    Massive Phishing-as-a-Service operation helps craft extensive campaigns with relative ease, Microsoft warns.

    Read More
  • Google News will soon unlock paywalled content for iOS and Android users

    New updates to Google News Showcase will make it easier for users to find new content from their favorite publishers.

    Read More
  • Noctua’s passive cooler can silently handle an Intel Core i9-11900K – but don't overclock it

    This is an impressive achievement, although passively cooling the Rocket Lake flagship comes with a bunch of caveats.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us