Malicious PyPI Packages Drop Malware in New Supply Chain Attack

By Deeba Ahmed These packages were uploaded between the 7th and 12th of January 2023 with the names "colorslib," "httpslib," and "libhttps." This is a post from HackRead.com Read the original post: Malicious PyPI Packages Drop Malware in New Supply Chain Attack...

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index PyPI repository that are designed to drop malware on compromised developer systems. The packages – named colorslib versions 4.6.11 and 4.6.12, httpslib versions 4.6.9 and 4.6.11, and libhttps version...