Security researchers have uncovered two malicious packages on PyPI that pose a threat to systems and data. The packages, Zebo-0.1.0 and Cometlogger-0.1, were found to hide harmful features within seemingly legitimate code. Zebo-0.1.0 includes functions for surveillance and unauthorized access, while Cometlogger-0.1 is characterized by dynamic file manipulation and other malicious behaviors. These packages highlight how PyPI can be abused by cybercriminals who seek to spread malware through the software supply chain. Developers are advised to exercise caution when using third-party packages to mitigate these risks. In light of these findings, experts emphasize the importance of verifying scripts and executables before use, as well as deploying network security measures such as firewalls and intrusion detection systems to protect against potential threats.