Python Forum
Python Forum

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
rob101
Minister of Silly Walks
Posts: 455
Threads: 16
Joined: Jun 2022
Reputation: 48
#1
Jan-30-2024, 07:58 AM
This, from The Hacker News, broke yesterday.

Just be mindful of what you allow into your computer system.
Gribouillis and Larz60+ like this post
Sig:
>>> import this
The UNIX philosophy: "Do one thing, and do it well."
"The danger of computers becoming like humans is not as great as the danger of humans becoming like computers." :~ Konrad Zuse
"Everything should be made as simple as possible, but not simpler." :~ Albert Einstein
Find
Reply
Larz60+
aetate et sapientia
Super Moderators
Posts: 11,873
Threads: 474
Joined: Sep 2016
Reputation: 452
#2
Jan-30-2024, 11:56 AM
This is important to know!
Everyone should check their repositories for any of the offending packages.
pip list | sort Linux, or similar on other OS, can be used to compare against the list on Hacker news site that you mention above
Gribouillis and rob101 like this post
Find
Reply
Gribouillis

Super Moderators
Posts: 4,500
Threads: 69
Joined: Jan 2018
Reputation: 330
#3
Jan-30-2024, 12:32 PM
fortinet dot com Wrote:While most of the packages uploaded to PyPI are posted by dedicated individuals looking to support the Python community, threat actors also regularly post packages infected with malware.
original info
Larz60+ and rob101 like this post
« We can solve any problem by introducing an extra level of indirection »
Find
Reply
rob101
Minister of Silly Walks
Posts: 455
Threads: 16
Joined: Jun 2022
Reputation: 48
#4
Jan-30-2024, 01:54 PM (This post was last modified: Jan-30-2024, 01:54 PM by rob101.)
An "easy to miss" link (from the THN post) to this very detailed report is well worth reading.

to add: sorry, I've just seen that @Gribouillis has already linked this up.
Sig:
>>> import this
The UNIX philosophy: "Do one thing, and do it well."
"The danger of computers becoming like humans is not as great as the danger of humans becoming like computers." :~ Konrad Zuse
"Everything should be made as simple as possible, but not simpler." :~ Albert Einstein
Find
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Malware in colourama package ichabod801 0 1,995 Oct-31-2018, 03:04 PM
Last Post: ichabod801
  Malware in Python 32-bit Installer v 3.2.4 Windows clownzilla 8 5,052 Mar-09-2018, 11:41 AM
Last Post: wavic

Forum Jump:

User Panel Messages

Log Out
My Profile
Pay your profile a visit
User Control Panel
Do some changes on your profile
My Messages
View private messages unread
Avatar
Change avatar
Signature
Change signature
Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020