Python – OWASP Jakarta

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer. The packages, named gptplus and Read more

By adminowasp, 8 months ago November 28, 2024

News

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Read more

By adminowasp, 8 months ago November 27, 2024

News

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code Oct 30, 2024Ravie LakshmananCybercrim / Cryptocurrency Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims’ crypto wallets. The package, named Read more

By adminowasp, 9 months ago October 30, 2024

News

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points Read more

By adminowasp, 9 months ago October 14, 2024

News

New PondRAT Malware Hidden in Python Packages Targets Software Developers

New PondRAT Malware Hidden in Python Packages Targets Software Developers Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit Read more

By adminowasp, 10 months ago September 30, 2024

News

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI

Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that’s designed to deliver an information stealer called Lumma (aka LummaC2). The package in question is crytic-compilers, a typosquatted version of a legitimate library Read more

By adminowasp, 1 year ago June 6, 2024

News

Cybercriminals Abuse StackOverflow to Promote Malicious Python Package

Cybercriminals Abuse StackOverflow to Promote Malicious Python Package Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 Read more

By adminowasp, 1 year ago May 29, 2024

News

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. “This cluster of activity spanned from late 2023 to April 2024 Read more

By adminowasp, 1 year ago May 27, 2024

News

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply Read more

By adminowasp, 1 year ago May 22, 2024

News

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project’s logo. The package Read more

By adminowasp, 1 year ago May 13, 2024