The automated risk detection platform of the Python package repository PyPI found dozens of newly released malicious packages. The attacker copies an existing legitimate package and injects a malicious __import__ statement in an attempt to plant the malicious program W4SP Stealer. The advantage of copying legitimate packages is that since the landing pages for PyPI packages are generated from setup.py and README.md, unless carefully inspected, the landing pages of malicious packages will at first glance be considered legitimate. The attacker uses an interesting strategy to prevent developers from discovering injected malicious statements when reading the code. The method is to leave a lot of spaces in the code, and you need to pull to the far right on the editor’s display window to detect malicious injections. There are 318 spaces between the normal and malicious claims.
This article is reprinted from: https://www.solidot.org/story?sid=73250
This site is for inclusion only, and the copyright belongs to the original author.