Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.
ReversingLabs said it identified malicious code embedded within modified versions of legitimate PyPI libraries such as pyperclip and pyrebase.
The malicious code is present in both the __init__.py file and its corresponding compiled Python file (PYC) inside the __pycache__ directory of respective modules.
It's implemented in the form of a Base64-encoded string that obscures a downloader function that establishes contact with a command-and-control (C2) server.
Collection
[
|
...
]