Malicious code in freeqtrade (PyPI)
Source: checkmarx a1d85df46593cf38b75fcdfaa68cc0a4e6d7f4c2146719a0b3359c995c0bcb4c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in frreqtrade (PyPI)
Source: checkmarx c6634da106be1a5e6fbc9f381d92ba14243730eca4285e2923b5ea6843b65bd6 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in ferqtrade (PyPI)
Source: checkmarx 18cc0f08f6bc2db28674fad653770d86cfd55c151a1380feb8acdd0c17e5e90e Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in freqtade (PyPI)
Source: checkmarx b6b862a8428000fde13853f32950a879c71d151be8cac5583412481df1b93628 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in cxt (PyPI)
Source: checkmarx e5ceb47158c98a7e5e036b33be987001008819f6bef951a662f983d5da7a0587 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in ccx (PyPI)
Source: checkmarx 4b65e79327daa2cc5ec5b36d4f94dde43607d8cb595f276122659ef69d86a25a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in ccxtt (PyPI)
Source: checkmarx 6e773dfbf272510462161ef414375e503b05178db70661f62abc709494f507c0 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in fredmi (PyPI)
Source: checkmarx 01c99c53e4554cc5799b0b94a6bd72836ccf768e513a2b299ccdc4d963603df6 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
PT-2022-28245 · Sentinelone · Sentinelone
Name of the Vulnerable Software and Affected Versions: SentinelOne (affected versions not specified). Description: Threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) onto PyPI. These SDKs contained fully functional SentinelOne clients but also included malicious...
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade...
Two Zero-day Supply Chain Attacks Found in the Python Package Index
Summary: A zero-day supply chain attack called "aioconsol" was discovered on December 9, 2022 in a Python package published on the Python Package Index (PyPI) on December 6, 2022. All three versions of the package...
Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak. The package, named SentinelOne and now taken...
PYSEC-2022-43090
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43127
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43085
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43109
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0...
PT-2022-27092 · D8S-Htm +2 · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-htm version 0.1.0; democritus-math (affected versions not specified). Description: A potential code-execution backdoor was inserted by a third party into the d8s-stats for python distributed on PyPI. The democritus-math package also contains ...
PT-2022-37353 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-timer (version not specified); d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party in the d8s-timer package distributed on PyPI. Additionally, the democritus-dates package also contains a...
PT-2022-37352 · Pypi +1 · Democritus-Uuids +2
Name of the Vulnerable Software and Affected Versions: d8s-timer (version not specified); d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party into the d8s-timer for python distributed on PyPI. Another affected package is democritus-uuids...
PT-2022-37345 · Pypi · D8S-Htm +2
Name of the Vulnerable Software and Affected Versions: d8s-networking (affected versions not specified); d8s-htm version 0.1.0. Description: A potential code-execution backdoor was inserted by a third party into the d8s-networking package for Python, distributed on PyPI. Another affected package is...