DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

Poisoned Lolip0p PyPI Packages

2 years ago thenewstack.io
Summary: This is a summary of an article originally published by The New Stack. Read the full original article here →

I thought they only poisoned candy on Halloween. On PyPI, the Python Package Index (https://thenewstack.io/python-package-repository-struggles-deal-typosquatting/), three new fake packages, colorslib, httpslib, and libhttps, have appeared carrying malware.

This time, Fortinet's FortiGuard Labs (https://www.fortinet.com/fortiguard/labs) discovered a similar zero-day supply-chain attack built on these three packages (https://www.fortinet.com/blog/threat-research/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps). The names sound familiar, but none of them are real Python programs.

That is because, unlike similar earlier PyPI malware attacks (https://thenewstack.io/roblox-and-discord-become-virus-vectors-for-new-pypi-malware/), the attacker who posted them wrote descriptions and metadata to make the packages look like legitimate programs.

Personally, I don't think I add any Python code to my systems that hasn't been around for at least a month.
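One way to turn that "at least a month old" rule into an automated gate, as an added example that is not part of the article or of Fortinet's research: query the package's release history and refuse anything whose first upload is too recent. The script below assumes the layout of the public PyPI JSON API (https://pypi.org/pypi/<name>/json, where "releases" maps each version to a list of uploaded files carrying an "upload_time_iso_8601" field); the two sample payloads, the package names in them, and the 30-day threshold are constructed for illustration. Because the Lolip0p packages shipped convincing descriptions, the check deliberately ignores the description text and looks only at when the project first appeared.

```python
"""Minimum-age gate for PyPI packages (added example, not the article's code).

Policy: a package whose earliest upload to PyPI is younger than MIN_AGE_DAYS
is refused. The JSON layout mirrors the public PyPI API
(https://pypi.org/pypi/<name>/json): "releases" -> version -> list of files,
each file carrying "upload_time_iso_8601". Sample payloads are constructed.
"""
import json
import sys
from datetime import datetime, timezone
from urllib.request import urlopen

MIN_AGE_DAYS = 30  # assumed threshold; the article's author waits "at least a month"


def first_upload(payload: dict):
    """Return the earliest upload time across all releases, or None if there are none."""
    times = []
    for files in payload.get("releases", {}).values():
        for f in files:
            ts = f.get("upload_time_iso_8601")
            if ts:
                # PyPI emits a trailing "Z"; normalise so older Pythons can parse it.
                times.append(datetime.fromisoformat(ts.replace("Z", "+00:00")))
    return min(times) if times else None


def package_age_days(payload: dict, now: datetime):
    """Whole days since the project's first upload, or None if it has no releases."""
    first = first_upload(payload)
    if first is None:
        return None
    return (now - first).days


def is_allowed(payload: dict, now: datetime, min_age_days: int = MIN_AGE_DAYS):
    """Apply the policy. Fails closed: no release history means 'refuse'."""
    name = payload.get("info", {}).get("name", "<unknown>")
    age = package_age_days(payload, now)
    if age is None:
        return False, f"{name}: no release history on PyPI, refusing"
    if age < min_age_days:
        return False, f"{name}: first uploaded {age} day(s) ago (< {min_age_days}), refusing"
    return True, f"{name}: first uploaded {age} day(s) ago, allowed"


def fetch_metadata(name: str) -> dict:
    """Fetch live metadata from PyPI (network; not used by the offline samples)."""
    with urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10) as resp:
        return json.load(resp)


# Constructed sample payloads (not real PyPI data). Only the fields the
# checker reads are included; the "summary" text is intentionally plausible
# on both, to show that a good-looking description is not a signal.
NOW = datetime(2023, 1, 10, 12, 0, tzinfo=timezone.utc)

SAMPLE_NEW = {
    "info": {"name": "example-brand-new", "summary": "Simple colour helpers for the terminal"},
    "releases": {
        "1.0.0": [{"filename": "example_brand_new-1.0.0.tar.gz",
                   "upload_time_iso_8601": "2023-01-07T09:35:00.000000Z"}],
    },
}

SAMPLE_OLD = {
    "info": {"name": "example-established", "summary": "Simple colour helpers for the terminal"},
    "releases": {
        "0.1": [{"filename": "example_established-0.1.tar.gz",
                 "upload_time_iso_8601": "2020-03-01T00:00:00.000000Z"}],
        "1.2.0": [{"filename": "example_established-1.2.0.tar.gz",
                   "upload_time_iso_8601": "2022-11-15T08:00:00.000000Z"}],
    },
}

SAMPLE_EMPTY = {"info": {"name": "example-no-files"}, "releases": {}}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check: python pypi_age_gate.py <package-name>
        payload = fetch_metadata(sys.argv[1])
        now = datetime.now(timezone.utc)
        ok, why = is_allowed(payload, now)
    else:
        ok, why = is_allowed(SAMPLE_NEW, NOW)
    print(why)
    sys.exit(0 if ok else 1)
```

Run it with a package name to check a live project, or with no arguments to exercise the constructed sample. Two caveats a practitioner should keep in mind: the date of first upload is a weak signal on its own (an attacker can register a placeholder and let it age), and the check says nothing about whether the package you resolved is the one you meant, so it belongs alongside pinned hashes in a requirements file rather than instead of them.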

Made with pure grit © 2024 Jetpack Labs Inc. All rights reserved. www.jetpacklabs.com