Neowin

Official Python repository used to distribute cryptomining malware

The official Python software repository, PyPI, was discovered to host six packages that would download and install cryptomining software on affected systems according to a new report. Security ...
Ars Technica

10 malicious Python packages exposed in latest repository attack

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar ...
Bleeping Computer

Malicious Python Package Available in PyPI Repo for a Year

Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects. One of them, using ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
Dark Reading

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries ...