Conclusion PyPI continues to be abused by cyberattackers to compromise Python programmers’ devices. This campaign displays a variety of techniques being used to include malware in Python packages.

The setup.py file in the malicious PyPI packages used in this attack contained a payload encoded in base64 for obfuscation, which involved the execution of a PowerShell command on Windows systems.

Using Python’s index operator [] on a string with a -3 will grab the 3rd character from the end of the string, in this case '<built-in function oct>'[-3] will evaluate to 'c'.

Additionally, these malicious packages were promptly removed from PyPI, likely due to internal system detections or external reports. However, the attackers quickly replaced the packages, indicating a ...

Bytecode is a representation of Python, compiled as a set of instructions for the Python Virtual Machine. In a simplified sense, it exists somewhere between source code and being a machine binary.

Security researchers have discovered a total of 3938 unique secrets on PyPI, the official third-party package management system for the Python community, across all projects, with 768 of them ...

The malicious package was available on PyPI, a package index widely used by Python developers. After being notified of it, PyPI's maintainers have removed the malicious package.