Malicious PyPI Code Packages Rack Up Thousands of Downloads

Malware bent on extracting data from developer applications, and more, was introduced into the Python code repository.

Three malicious packages hosted in the Python Package Index (PyPI) code repository have been found. Together they have more than 12,000 downloads, and they may be included in various applications.

Independent researcher Andrew Scott found the packages during an analysis of almost all of the code contained in PyPI, which is a software code archive for the Python programming language. Like GitHub, npm and RubyGems, PyPI allows coders to download software packages that developers will use to build various applications, services and other projects.

Read More: Threatpost
