Warning for Python Users: PyPi supply chain attack

Liste des GroupesRevenir à se design 
Sujet : Warning for Python Users: PyPi supply chain attack
De : dont (at) *nospam* emailme.com (Wanderer)
Groupes : sci.electronics.design
Date : 29. Mar 2024, 07:29:52
Autres entêtes
Organisation : To protect and to server
Message-ID : <433399@dontemail.com>
Warning for those who use Python.

pypi halted new users and projects while it fended off supply chain attack
https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/
The malicious code is located within each package's setup.py file, enabling automatic execution upon installation.

In addition, the malicious payload employed a technique where the setup.py file contained obfuscated code that
was encrypted using the Fernet encryption module. When the package was installed, the obfuscated code was automatically
executed, triggering the malicious payload. Upon execution, the malicious code within the setup.py file attempted to retrieve
an additional payload from a remote server. The URL for the payload was dynamically constructed by appending the package
name as a query parameter. The retrieved payload was also encrypted using the Fernet module. Once decrypted, the payload
revealed an extensive info-stealer designed to harvest sensitive information from the victim's machine. The malicious payload
also employed a persistence mechanism to ensure it remained active on the compromised system even after the initial execution."

Date Sujet#  Auteur
29 Mar 24 o Warning for Python Users: PyPi supply chain attack1Wanderer

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal