The PyPI repository for Python software was found to have malicious packages capable of installing trojanized Windows binaries for surveillance and crypto-theft, linked to a long-running campaign.
One of the flagged PyPI packages, 'pytoileur', disguised itself as an 'API Management tool written in Python' while attempting to typosquat legitimate packages like 'Pyston'.
Security researchers discovered that the 'pytoileur' package executed a base64-encoded payload to retrieve malicious executables, drop suspicious files, modify Windows registry settings, and deploy spyware payloads.
A binary from the malicious package had capabilities for info-stealing and crypto-jacking, attempting to extract user profiles and data from common sources.
[
Collection
]
[
|
...
]