Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th February 2023
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,039
Default Latest Attack on PyPI Users Shows Crooks Are Only Getting Better

From https://it.slashdot.org/story/23/02/...getting-better:
More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of software developers using this form of attack isn't a passing fad. From a report:
All 451 packages found recently by security firm Phylum contained almost identical malicious payloads and were uploaded in bursts that came in quick succession. Once installed, the packages create a malicious JavaScript extension that loads each time a browser is opened on the infected device, a trick that gives the malware persistence over reboots. The JavaScript monitors the infected developer's clipboard for any cryptocurrency addresses that may be copied to it. When an address is found, the malware replaces it with an address belonging to the attacker. The objective: intercept payments the developer intended to make to a different party.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Warning: PyPI Feature Executes Code Automatically After Python Package Download J65nko News 0 5th September 2022 01:37 AM
Security 10 malicious Python packages exposed in latest repository attack J65nko News 0 9th August 2022 09:45 PM
Modal shows dot files drhowarddrfine FreeBSD General 4 24th August 2017 07:31 PM
Mozilla wants users to upgrade to latest version of Firefox J65nko News 9 13th November 2011 09:29 PM
Firefox-based attack wreaks havoc on IRC users J65nko News 1 31st January 2010 02:19 AM

All times are GMT. The time now is 11:45 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick