Multiple 0-Day Attacks in The PyPI Packages Aimed to Steal Developer Credentials

13 February 2023

However, what was alarming was the fact that all of these packages contained similar malicious code. This raises the question of the level of sophistication and the intentions behind these attacks. Technical Analysis of the Packages First of all, cybersecurity analysts have noticed something that looks like a URL for a webhook in its setup[.]py file:- hxxps://discord[.]com/api/webhooks/1069214746395562004/sejnJnNA3lWgkWC4V86RaFzaiUQ3dIAG958qwAUkLCkYjJ7scZhoa-KkRgBOhQw8Ecqd There is a similar code in each package’s setup.py file except for the URL of the webhook that is sent from each package.

Read full article on GBHackers

Date:

13 February 2023

Categorie(s):

NEWS

Tag(s):

0-Day, Attacks, Credentials, Cyber Security News, Developers

Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland… – SWN #37919 April 2024
5.3M World-Check records may be leaked; how to check your records19 April 2024
Sacramento airport goes no-fly after AT&T internet cable snipped19 April 2024
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain19 April 2024
Akira takes in $42 million in ransom payments, now targets Linux servers19 April 2024