10 Malicious Code Packages Slither into PyPI Registry
Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue.
The incident is the latest in a rapidly growing list of recent instances where threat actors have placed rogue software on widely used software repositories such as PyPI, Node Package Manager (npm), and Maven Central, with the goal of compromising multiple organizations. Security analysts have described the trend as significantly heightening the need for development teams to exercise due diligence when downloading third-party and open source code from public registries.
Malicious Code in Installation Scripts
Check Point researchers discovered that the threat actors who had placed the malware on the registry had embedded malicious code into the package installation script. As a result, when a developer ran the "pip install" command for any of the rogue packages, the malicious code executed unnoticed on that developer's machine and installed the malware dropper.
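Because pip executes a source package's setup.py during installation, the installation script is where a defender should look first. The following static checker is an added example written for this article, not code from Check Point or from the PyPI project; the heuristics (imports that give an install script shell, network or decoding capability, calls to exec/eval, classes that subclass setuptools install commands, and a cmdclass= argument to setup()) are this example's own assumptions, and both setup.py samples are constructed here to exercise it.

```python
import ast
import sys

# Modules whose import inside a setup.py deserves review before installation
# (assumption of this example: a normal metadata-only setup.py needs none of them).
SUSPICIOUS_MODULES = {
    "subprocess", "os", "socket", "urllib", "urllib.request", "requests",
    "base64", "zlib", "ctypes", "marshal",
    "setuptools.command.install", "setuptools.command.develop",
    "setuptools.command.egg_info",
}
# Builtins that turn data into executable code.
SUSPICIOUS_CALLS = {"exec", "eval", "compile", "__import__"}
# setuptools command classes that pip runs; subclassing them hooks the install.
INSTALL_COMMAND_CLASSES = {"install", "develop", "egg_info", "build_py"}


def _base_name(base: ast.expr) -> str:
    """Return the simple name of a class base (`install` or `x.install`)."""
    if isinstance(base, ast.Name):
        return base.id
    if isinstance(base, ast.Attribute):
        return base.attr
    return ""


def scan_setup_py(source: str) -> list[str]:
    """Return human-readable findings for one setup.py, sorted by line number.

    An empty list means none of the heuristics fired; it does not prove the
    script is safe, only that it does nothing this example looks for.
    """
    findings: list[tuple[int, str]] = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name in SUSPICIOUS_MODULES:
                    findings.append((node.lineno, f"imports {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if node.module in SUSPICIOUS_MODULES:
                findings.append((node.lineno, f"imports from {node.module}"))
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                if _base_name(base) in INSTALL_COMMAND_CLASSES:
                    findings.append(
                        (node.lineno, f"class {node.name} subclasses {_base_name(base)}"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in SUSPICIOUS_CALLS:
                findings.append((node.lineno, f"calls {node.func.id}()"))
            elif node.func.id == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        findings.append(
                            (node.lineno, "setup() overrides install commands via cmdclass"))
    return [f"line {lineno}: {msg}" for lineno, msg in sorted(findings)]


# Constructed sample: a metadata-only setup.py as most legitimate packages ship.
BENIGN_SETUP = '''from setuptools import setup, find_packages
setup(name="example-benign", version="0.1.0", packages=find_packages())
'''

# Constructed sample: the shape of an install-time hook. The payload string is a
# placeholder; nothing here is ever executed, only parsed.
SUSPICIOUS_SETUP = '''import base64
import subprocess
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        # placeholder: a dropper would decode and run its payload here
        exec(base64.b64decode("PAYLOAD_PLACEHOLDER"))

setup(name="example-suspicious", version="0.1.0", cmdclass={"install": PostInstall})
'''


if __name__ == "__main__":
    # Usage: python check_setup.py path/to/setup.py [...]; no paths scans the samples.
    targets = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8").read()) for p in targets] or [
        ("BENIGN_SETUP", BENIGN_SETUP), ("SUSPICIOUS_SETUP", SUSPICIOUS_SETUP)]
    for name, src in sources:
        hits = scan_setup_py(src)
        print(f"{name}: {'clean' if not hits else str(len(hits)) + ' finding(s)'}")
        for hit in hits:
            print("  " + hit)
```

Run it against an unpacked sdist before installing, or wire it into a pre-download review step; a clean result only means the script contains none of the listed patterns, so treat it as triage, not as a verdict.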