Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

/in

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

The Hacker News – ​Read More

ClickFix: How to Infect Your PC in Three Easy StepsClickFix: How to Infect Your PC in Three Easy StepsCybersecurity in Crypto: Best Practices to Prevent Theft and Fraud