Lucene search
GoogleOSV:MAL-2023-8589HistoryMay 17, 2023 - 12:00 a.m.
Malicious code in pywhool (PyPI)
2023-05-1700:00:00
Google
osv.dev
3
malicious code
pypi
developers
steganography
exfiltration
7.2 High
AI Score
Confidence
Low
-= Per source details. Do not edit below this line.=-
Source: checkmarx (54738d1aef580f087fec1311b411aa6ddd2d7affb4b44353dd7f3d6a569a0ed9)
Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information
References
checkmarx.com/blog/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers/
github.com/DataDog/malicious-software-packages-dataset
medium.com/checkmarx-security/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers-3712f0f107e0
security.snyk.io/vuln/SNYK-PYTHON-PYWHOOL-6069618
7.2 High
AI Score
Confidence
Low