Published on Aug 20, 2022
Researchers claim threat actors are using typosquatting to attack Python developers.
Researchers from Spectralops.io analysed PyPI, the software repository for Python programmers, and found ten malicious packages. Developers were duped into downloading and adopting the tainted packages because their names were nearly identical to those of legitimate ones.
Typosquatting is a common attack among cyber criminals. It’s used not just on code repositories (though we’ve seen numerous instances on GitHub, for instance, in the past) but also in phishing emails and fake websites.
By adopting these packages, victims hand threat actors the keys to their kingdoms, since the malware supports the theft of private data and developer credentials. The attackers then send that data to a third party without the victims knowing. According to Spectralops, PyPI has more than 600,000 active users, indicating a large threat landscape.
“These attacks rely on Python installation and can include arbitrary code snippets, which can be used by malicious players to put their malicious code,” Ori Abramovsky, Data Science Lead for Spectralops.io, explained. “We discovered it using machine learning models which analyse the code of these packages and auto-alert on the malicious ones.”
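A simple defensive check along these lines, written as an added example for this article rather than Spectralops' own tooling: it flags requirements.txt entries whose names are near-misses of an allow-list of known PyPI package names. The allow-list, the 0.8 similarity threshold and the sample requirements file are all constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed allow-list of well-known PyPI names (an assumption for the example);
# in practice this would come from a curated internal list or download statistics.
KNOWN_PACKAGES = {"requests", "numpy", "urllib3", "setuptools", "cryptography", "boto3"}

def normalize(name):
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def similarity(a, b):
    """Ratio of matching characters, 1.0 meaning identical strings."""
    return SequenceMatcher(None, a, b).ratio()

def parse_requirement(line):
    """Return the bare project name from a requirements.txt line, or None."""
    line = line.split("#", 1)[0].strip()        # drop trailing comments
    if not line or line.startswith("-"):        # blank lines and pip options
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return m.group(1) if m else None

def suspicious_requirements(requirements_text, known=KNOWN_PACKAGES, threshold=0.8):
    """Flag names that are close to, but not equal to, a known package name."""
    findings = []
    known_norm = {normalize(k) for k in known}
    for line in requirements_text.splitlines():
        name = parse_requirement(line)
        if name is None:
            continue
        norm = normalize(name)
        if norm in known_norm:                  # exact match: the real package
            continue
        best = max(known_norm, key=lambda k: similarity(norm, k))
        score = similarity(norm, best)
        if score >= threshold:                  # near-miss: possible typosquat
            findings.append((name, best, round(score, 2)))
    return findings

# Constructed sample requirements file: two legitimate pins and two typo variants.
SAMPLE_REQUIREMENTS = """\
requests==2.28.1
reqeusts==2.28.1   # transposed letters
numpy>=1.23
urlib3             # dropped letter
python-dateutil
"""

if __name__ == "__main__":
    for name, near, score in suspicious_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name!r} looks like {near!r} (similarity {score})")
```

The check is deliberately name-only; it does not replace reviewing what a package's setup.py executes at install time, which is where the quoted attacks place their code.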