PyPI finds supply chain attacks active for more than half a year

The Python package repository PyPI was the target of a sophisticated supply chain attack in which at least two legitimate software packages were successfully implanted with credential-stealing malware, researchers from the security firms SentinelOne and Checkmarx report. The attackers ran a phishing campaign against Python developers, tricked them into revealing their login credentials, and then used the stolen credentials to push a new release of each package that dropped the credential-stealing malware JuiceStealer. Built on the .NET framework, JuiceStealer searches Google Chrome's stored passwords; its activity dates back to the second half of 2021. It first spread through user misspellings of package names (typosquatting) and later through the supply chain attack on hijacked maintainer accounts. The PyPI project has started making 2FA mandatory for package maintainers.
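The attack described above only works if the installer accepts whatever release a maintainer account most recently pushed. A complementary defence to mandatory 2FA is to pin every dependency to an exact version and artifact hash, the check that pip performs in `--require-hashes` mode; a hijacked account can then publish a malicious release, but it will not be installed until someone reviews and re-pins it. The script below is an added example, not code from the article, PyPI, SentinelOne or Checkmarx, and reimplements that check in plain Python over a constructed lockfile and constructed artifact bytes; the package name `examplepkg`, the lockfile format and the `verify_artifact` helper are assumptions for illustration.

```python
"""Hash-pinned dependency verification, modelled on pip's --require-hashes mode.

Added example (not from the article or from PyPI). The lockfile text, the package
name and the artifact bytes below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# One lockfile line: "name==version --hash=sha256:<64 hex> [--hash=sha256:...]"
LOCK_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)\s*$"
)


@dataclass(frozen=True)
class Pin:
    name: str
    version: str
    sha256: FrozenSet[str]


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(text: str) -> Dict[str, Pin]:
    """Parse lockfile lines into {normalized name: Pin}.

    A requirement without at least one --hash is rejected outright: an unpinned
    requirement is exactly what lets a malicious release from a hijacked maintainer
    account slip into an install.
    """
    pins: Dict[str, Pin] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LOCK_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable or unpinned requirement: {line!r}")
        hashes = frozenset(h.split(":", 1)[1] for h in m.group("hashes").split())
        if not hashes:
            raise ValueError(f"requirement has no --hash: {line!r}")
        name = normalize(m.group("name"))
        pins[name] = Pin(name, m.group("version"), hashes)
    return pins


def verify_artifact(pins: Dict[str, Pin], name: str, version: str, data: bytes) -> Tuple[bool, str]:
    """Return (ok, reason). Accept only an artifact whose name and version are pinned
    and whose SHA-256 matches one of the pinned hashes."""
    pin = pins.get(normalize(name))
    if pin is None:
        return False, f"{name} is not in the lockfile (possible typosquat or unreviewed dependency)"
    if pin.version != version:
        return False, f"{name} {version} is not the pinned version {pin.version}; newer releases are not installed until re-pinned"
    digest = hashlib.sha256(data).hexdigest()
    if digest not in pin.sha256:
        return False, f"{name}=={version} hash {digest[:12]}... does not match any pinned hash"
    return True, "ok"


# Constructed stand-in for the reviewed, known-good sdist of the hypothetical package.
GOOD_ARTIFACT = b"# constructed stand-in for examplepkg 1.0.0 sdist bytes\n"
# Constructed stand-in for a trojanized re-upload of the same version by a hijacked account.
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"import credential_stealer  # constructed marker\n"

LOCKFILE = (
    "# constructed lockfile, hashes generated from GOOD_ARTIFACT above\n"
    f"examplepkg==1.0.0 --hash=sha256:{hashlib.sha256(GOOD_ARTIFACT).hexdigest()}\n"
)


def run_demo() -> Dict[str, Tuple[bool, str]]:
    """Exercise the four cases a defender cares about: the pinned artifact, a tampered
    artifact, a newer release the lockfile has not been updated for, and a typosquat."""
    pins = parse_lockfile(LOCKFILE)
    return {
        "pinned": verify_artifact(pins, "examplepkg", "1.0.0", GOOD_ARTIFACT),
        "tampered": verify_artifact(pins, "examplepkg", "1.0.0", TAMPERED_ARTIFACT),
        "new_release": verify_artifact(pins, "ExamplePkg", "1.0.1", GOOD_ARTIFACT),
        "typosquat": verify_artifact(pins, "exampelpkg", "1.0.0", GOOD_ARTIFACT),
    }


if __name__ == "__main__":
    for case, (ok, reason) in run_demo().items():
        print(f"{case:12s} {'ACCEPT' if ok else 'REJECT'}: {reason}")
```

Only the first case is accepted; the tampered re-upload fails the hash check, the newer release is refused because the lockfile still pins 1.0.0, and the misspelled name is refused because it was never pinned at all. In a real project the hashes come from a generated lockfile (for example `pip-compile --generate-hashes`) and pip enforces the same rules with `pip install --require-hashes -r requirements.txt`.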

This article is reprinted from:
