Dark Reading

Malicious Python Package Relies on Steganography to Download Malware

Check Point Research has detected a malicious open source code package that uses steganography to hide malicious code inside image files. The malicious package was available on PyPI, a package index ...
Bleeping Computer

Ethereum private key stealer on PyPI downloaded over 1,000 times

A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...