Sonatype exposes malicious PyPI package 'pytoileur'

Yesterday, an automated malware detection system operated by Sonatype, known as the Sonatype Repository Firewall, flagged a newly published PyPI package called "pytoileur." The malicious package, tracked as sonatype-2024-1783, had registered 264 downloads by the time Sonatype alerted PyPI administrators to remove it.
"While the base64 encoding is pretty standard in applications and doesn't offer much in terms of masquerading malicious code, the author had attempted to 'hide' this particular encoded string from manual human review by injecting it after a print statement, and then in"
Read at Developer Tech News
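As an added illustration (not code from Sonatype or from the article), the following review helper parses a Python file without executing it and reports long string literals that decode as base64, marking those that sit on the same line as, and to the right of, a print() call as in the quote above. The function names, the 24-character threshold and the sample source are assumptions constructed for this example.

```python
import ast
import base64
import binascii

MIN_LEN = 24  # assumed threshold: shorter literals are too noisy to report

def looks_like_base64(text):
    """True if text is long enough and strictly decodes as base64."""
    if len(text) < MIN_LEN or len(text) % 4:
        return False
    try:
        base64.b64decode(text, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def find_base64_literals(source):
    """Return sorted (line, col, trails_print) for each base64-looking literal.

    trails_print is True when the literal starts to the right of a
    single-line print() call on the same line.
    """
    tree = ast.parse(source)  # parses only; nothing in source is run
    print_end = {}            # line -> column where the first print() ends
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "print" and node.end_lineno == node.lineno):
            prev = print_end.get(node.lineno, node.end_col_offset)
            print_end[node.lineno] = min(prev, node.end_col_offset)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            value = node.value
            text = value if isinstance(value, str) else value.decode("ascii", "ignore")
            if looks_like_base64(text):
                end = print_end.get(node.lineno)
                trails = end is not None and node.col_offset >= end
                findings.append((node.lineno, node.col_offset, trails))
    return sorted(findings)

# Constructed sample input: a harmless blob placed after a print statement
# (line 2) and the same blob on a line of its own (line 3).
BLOB = base64.b64encode(b"constructed sample data, harmless").decode()
SAMPLE = (
    "import base64\n"
    'print("installing"); blob = "' + BLOB + '"\n'
    'ICON = "' + BLOB + '"\n'
)

if __name__ == "__main__":
    for line, col, trails in find_base64_literals(SAMPLE):
        print(f"line {line}, col {col}: base64-like literal, after print: {trails}")
```

The check is a heuristic for triage: any long alphanumeric literal whose length is a multiple of four also decodes as base64, so findings need human review.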