471 matches found
Malicious code in byteqs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d6ca35190c57f806dbb3337e4639f179f6ece665392e5972341cba92767f2747 A campaign of probable pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in bytedplus-rec (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 60f79f83c8af55853fc5ee2cbcd855f6799c4d5fa43cae98ddf63d0aa5f5fc23 A campaign of probable pentest packages flooding PyPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Malicious code in artifact-lab-3-package-9fde789f (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f494a5211d4ea10a131bb54919b6d5e1bf765cea0c3cc018c054e7e304f5856f Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2024-12295 Malicious code in jupihelp (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7bb124c218cd3a0340ff934eafc0d4c9cbf322b2428d8a868ed28703aeb38426 Once run, downloads and installs from sleipnirbrowser.org a suspicious executable pretending to be a web browser. This website appears to be a scam using some ki...
Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform
In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining...
Malicious code in muxf (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 694c32190cb5df1b380a25e3c2235d032724d67bef75b932ed4f59101a5f0e7a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in blab111 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bc1ea66b7bd97f1590f64319f168a1e5ce5f257bf47595de26247cc07a48f80c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12221 Malicious code in blz-test-package (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 01f2433c1d8bc3c461a9580e06ffcac55e0d5e79ac651f1326c6ddd10114a544 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12328 Malicious code in postgresql-connector-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 87f55ac62324b5fc631b711e125f897d8ae10d06a9d80173463d9a5fa1915302 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12247 Malicious code in comfyui-node-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d14c72a2c0a980d7106ed7e451501074521e6282c64d87f689b4b758f877d2ea Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo. The package employing this...
New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics
Cybersecurity researchers have discovered two malicious packages on the Python Package Index (PyPI) repository that were found leveraging a technique called DLL side-loading to circumvent detection by security software and run malicious code. The packages, named NP6HelperHttptest and NP6HelperHttpe...
Auto-GPT code injection vulnerability
Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A code injection vulnerability exists in Auto-GPT versions prior to 0.4.3, which stems from a docker-compose.yml file located in the repository root directory that installs itself into a docker...
Malicious code in gogogolokl (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7b050604c15bfdf4e456841a2cbccfb6f6122137aedf82ceae488c2871dfea27 Malicious package campaign targeting developers; the payload is hidden using steganography and exfiltrates host information...
Malicious code in esqintstudyhacked (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx ef7a7f38147456d0eff7a537f9b0e605baf5d4c3a2e94499688c94ece57a117c EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqlibcpuosint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8760b4961c437a72b606af72f5988d2329ee17f72f90e126cb64f64c5f6e9212 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfcvinfoad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 934ef50eb7830e1355e375cbb3e865e916602091e5eb92946e6980facdcaa45f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in selfstudytoolrandom (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 96bf68235754ce923b2685242740d39b1a44690bd9a02dfb799923b5830fc8c2 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in esqmasksplitpush (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 371a75bbb9117312cbc2dfb41f4c02a5e1378b7ca3d109a59401cc2d79619da0 EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...
Malicious code in libpullpongpaypal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx e7b446f46395daeac2e9711ae877665037b8d78a2b8ff54d3f72737b44e3570f EsqueleSquad group published nearly 6000 malicious PyPI and NPM packages, executing spyware and information-stealing malware...