Watch out — those helpful Stack Overflow users might actually be malware-spreading criminals

As reported by the researchers, when someone would ask for debugging help, or similar advice, on Stack Overflow, the attackers would jump to the occasion, offering a malicious package uploaded to the PyPI repository as the solution.

Typosquatted packages

There are a couple of ways to spot the ruse, the researchers further explained, including the fact that the Stack Overflow account offering advice was only created days ago, that the package being offered as the solution was also uploaded days ago, and that in some cases, the solution doesn’t even fit the problem.

"We further noticed that a StackOverflow account "EstAYA G" created roughly 2 days ago is now exploiting the platform's community members seeking debugging help by directing them to install this malicious package as a "solution" to their issue even though the "solution" is unrelated to the questions posted by developers," Sonatype said in its report. Another account pushing malware is called "PhilipsPY".

Another way to spot the hacking attempt is by taking a closer look at the packages being offered - they are usually typo-squatted variants of legitimate, and often popular packages. 

Those who ignore all of the red flags and do end up installing the malicious code will get an information-stealing malware that will grab their session cookies, passwords, browser history, stored credit card data, and whatever other information they have saved in their browsers and elsewhere on their devices. 

While the identity of the attackers, and their endgame, is unknown, it’s safe to assume that they would try to sell the stolen information on the dark web. 

Via BleepingComputer

More from TechRadar Pro

• PyPI stops signing up new users to try and block malware campaign
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now