Source: thenewstack.io

Poisoned Lolip0p PyPI Packages
I thought they only poisoned candy on Halloween. On the Python Package Index (PyPI), which already struggles with typosquatting (https://thenewstack.io/python-package-repository-struggles-deal-typosquatting/), three new fake packages, colorslib, httpslib, and libhttps, have appeared carrying malware.

This time FortiGuard Labs (https://www.fortinet.com/fortiguard/labs?utm_source=blog&utm_campaign=fortiguardlabsteam) discovered a similar zero-day attack (https://www.fortinet.com/blog/threat-research/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps). The names sound familiar, deliberately close to real libraries, but none of these are real Python packages.

Unlike similar PyPI malware that used Roblox and Discord as lures (https://thenewstack.io/roblox-and-discord-become-virus-vectors-for-new-pypi-malware/), the attacker who posted these wrote up complete descriptions and project metadata so that the packages look like legitimate programs to anyone browsing the index.

Personally, I don't think I add any Python package to my systems that hasn't been around for at least a month.
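As an added example, not code from the article or from FortiGuard, here is one way to turn that "wait a month" habit into an automated gate. It reads the shape of PyPI's public JSON API (https://pypi.org/pypi/<name>/json, whose "releases" map lists each uploaded file with an "upload_time_iso_8601" timestamp), takes the earliest upload across all releases as the package's age, and refuses anything younger than a threshold. The package index used below (SAMPLE_INDEX), its dates, and the evaluation time are constructed for the example; only fetch_pypi_metadata talks to the real PyPI, and it is not called by the offline demo.

```python
"""Minimum-age gate for PyPI packages (illustrative example, not from the article).

Policy: refuse to install any package whose first upload to PyPI is younger
than MIN_AGE_DAYS. A freshly published malicious package, however polished
its description and metadata, cannot fake an upload history.
"""
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

MIN_AGE_DAYS = 30


def fetch_pypi_metadata(name: str) -> dict:
    """Fetch the live JSON document for `name` from PyPI (needs network)."""
    url = f"https://pypi.org/pypi/{name}/json"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def first_upload_time(metadata: dict) -> Optional[datetime]:
    """Earliest upload time over every file of every release, or None if no files."""
    times: List[datetime] = []
    for files in metadata.get("releases", {}).values():
        for f in files:
            stamp = f.get("upload_time_iso_8601")
            if stamp:
                # PyPI emits a trailing "Z"; fromisoformat on older Pythons needs +00:00.
                times.append(datetime.fromisoformat(stamp.replace("Z", "+00:00")))
    return min(times) if times else None


def is_old_enough(metadata: dict, now: datetime, min_age_days: int = MIN_AGE_DAYS) -> bool:
    """True if the package's first upload is at least min_age_days before `now`."""
    first = first_upload_time(metadata)
    if first is None:
        return False  # no published files at all: nothing to trust, so refuse
    return now - first >= timedelta(days=min_age_days)


def gate(requested: List[str], lookup: Callable[[str], dict], now: datetime,
         min_age_days: int = MIN_AGE_DAYS) -> Dict[str, bool]:
    """Evaluate the policy for each requested package; True means 'may install'."""
    return {name: is_old_enough(lookup(name), now, min_age_days) for name in requested}


# Constructed sample data (hypothetical, not real PyPI records): one long-established
# package with two releases, one brand-new package, and one with no files at all.
SAMPLE_INDEX = {
    "oldlib": {"releases": {
        "2.28.0": [{"upload_time_iso_8601": "2022-06-09T08:00:00.000000Z"}],
        "2.28.1": [{"upload_time_iso_8601": "2022-06-29T10:00:00.000000Z"}],
    }},
    "newlib": {"releases": {
        "1.0.0": [{"upload_time_iso_8601": "2023-01-10T09:00:00.000000Z"}],
    }},
    "emptypkg": {"releases": {}},
}

# Constructed evaluation time for the offline demo.
EVALUATION_TIME = datetime(2023, 1, 15, tzinfo=timezone.utc)


def sample_lookup(name: str) -> dict:
    """Offline stand-in for fetch_pypi_metadata."""
    return SAMPLE_INDEX[name]


if __name__ == "__main__":
    for name, ok in gate(list(SAMPLE_INDEX), sample_lookup, EVALUATION_TIME).items():
        print(f"{name}: {'install' if ok else 'REFUSE (younger than policy)'}")
```

To use it against the real index, pass fetch_pypi_metadata as the lookup and datetime.now(timezone.utc) as the time. The earliest upload is taken across all releases on purpose: a typosquat that pushes a dozen versions in one afternoon still fails the check, while a new release of a years-old project passes.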
