Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

More malicious Python packages are on the loose, experts warn

The Python banner logo on a computer screen running a code editor.

  • Security researchers found two packages on PyPI, showing malicious intent
  • The packages grant the attackers access to systems and sensitive data
  • The researchers warn developers to exercise caution when using third-party packages

Experts have warned PyPI continues to be abused after researchers discovered more malicious packages hiding on the platform.

A report from Fortinet’s FortiGuard Labs discovered two packages designed to steal people’s login credentials, grant unauthorized access to devices, and more.

The researchers says they observed Zebo-0.1.0, and Cometlogger-0.1, two packages that masquerade as legitimate code, but hide harmful features behind complex logic and obfuscation.

Smuggling malware

“The Zebo-0.1.0 script is a typical example of malware, with functions designed for surveillance, data exfiltration, and unauthorized control,” the researchers explained. “It uses libraries like pynput and ImageGrab, along with obfuscation techniques, indicating clear malicious intent.”

The Cometlogger-0.1 script, on the other hand, comes with a different set of malicious behavior, such as dynamic file manipulation, webhook injection, infostealing, and anti-VM checks.

Both packages are described as sophisticated, persistent, and dangerous.

Python is one of the world’s most popular programming languages, and by nature, PyPI is one of the world’s most popular open source code repositories. Developers build code blocks and share with their peers via the platform. Other developers can then use those blocks on their projects, cutting down on time necessary to code out different features.

This gives cybercriminals an opportunity to smuggle malicious code, and infect countless projects through the software supply chain. Sometimes, they would break into legitimate developer accounts and poison their solutions and other times they would typosquat popular solutions in hopes people would mistakenly download the malicious package.

Open-source is arguably more secure, since the code is susceptible to scrutiny from the entire community, but researchers still advise caution, and always verify third-party scripts and executables before running.

Furthermore, businesses should also keep their networks behind firewalls, and set up intrusion detection systems to safeguard their infrastructure.

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.