Bleeping Computer

Malicious PyPI packages with over 10,000 downloads taken down

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines. These malicious packages ...
Bleeping Computer

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...
TechRadar

AWS keys stolen by malicious PyPI package with thousands of downloads

Researchers discover three-year old malicious package in PyPI The package is a typosquatted version of Fabric, with 37,000 downloads Its goal is to steal AWS login credentials from the developers A ...