Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Briefly

Cybersecurity researchers have identified several malicious packages in the Python Package Index (PyPI) that aim to steal sensitive user information. Notably, two packages disguised as fixes for the legitimate 'bitcoinlib' package tried to replace authentic commands with malicious code. Another package, 'disgrasya,' was a blatant carding tool targeting WooCommerce stores. These packages amassed hundreds of downloads before being removed, highlighting a persistent threat in open-source software. The authors deceitfully attempted to lure users into installing the compromised libraries, demonstrating a sophisticated social-engineering tactic.
Both malicious libraries attempt a similar attack: overwriting the legitimate 'clw' CLI command with malicious code that attempts to exfiltrate sensitive database files.
The malicious payload was introduced in version 7.36.9, and all subsequent versions carried the same embedded attack logic.
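The attack described above works by shipping a console-script entry point that claims the same command name as a legitimate package, so the malicious version shadows or replaces the real one on install. The following script is an added defensive example, not code from the article or from the projects it describes: it lists every console-script command name that more than one installed distribution claims. The sample data is constructed; 'bitcoinlib-fix' is a hypothetical distribution name, and 'clw' is assumed to be the command the article refers to.

```python
"""Detect console_scripts entry-point collisions between installed distributions.

Added example (not from the original article): a distribution that registers a
console_scripts entry point under a name already owned by another distribution
can shadow or replace that command on install. This script reports every command
name that is claimed by more than one installed distribution.
"""
from collections import defaultdict
from importlib.metadata import distributions


def find_collisions(claims):
    """Return {command_name: sorted([dist, ...])} for names claimed by >1 distribution.

    `claims` is an iterable of (distribution_name, command_name) pairs.
    """
    owners = defaultdict(set)
    for dist_name, cmd in claims:
        owners[cmd].add(dist_name)
    return {cmd: sorted(dists) for cmd, dists in owners.items() if len(dists) > 1}


def installed_console_script_claims():
    """Yield (distribution_name, command_name) for each installed console_scripts entry point."""
    for dist in distributions():
        name = dist.metadata["Name"] or "<unknown>"
        for ep in dist.entry_points:
            if ep.group == "console_scripts":
                yield (name, ep.name)


# Constructed sample data modelled on the pattern in the article: a second
# distribution (hypothetical name) claiming the legitimate package's command.
SAMPLE_CLAIMS = [
    ("bitcoinlib", "clw"),
    ("bitcoinlib-fix", "clw"),  # hypothetical distribution name, not a real package
    ("pip", "pip"),
]

if __name__ == "__main__":
    print("sample collisions:   ", find_collisions(SAMPLE_CLAIMS))
    print("installed collisions:", find_collisions(installed_console_script_claims()))
```

Run it in the environment you want to audit (a virtualenv, a CI image); an empty result for the installed set means no two distributions compete for the same command name. A non-empty result is worth a look, since whichever distribution was installed last owns the script on disk.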
Read at The Hacker News