Generally speaking, the main target of these attacks appears to be the victim's environment data with a focus on browser’s cookies. In other cases, they uploaded completely fake packages consisting only of malicious code, such as the scappy library. In some cases, attackers poisoned well-known legitimate Python libraries and reuploaded them leveraging typosquatting, such as 'pylOpenSSL' mimicking pyOpenSSL. Any security breach or abuse could lead to a large-scale Supply Chain attack.ĭuring our monitoring we were able to identify dozens of suspicious packages, allegedly uploaded by threat actors trying to abuse PyPI.
PyPI took exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. AI boosts Code Language and File Format identifica.Actionable Threat Intel (II) - IoC Stream.Inside of the WASP's nest: deep dive into PyPI-hos.Threat hunting converting SIGMA to YARA.
