Updated on 2022-12-19 A malicious PyPI package, SentinelOne, was used in a campaign dubbed SentinelSneak to harvest sensitive information from developers. The package was uploaded along with five other malicious packages with similar names and similar functionalities. Read more: Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware Overview: Malicious PyPI Module Pretends …
PyPI
Updated on 2022-12-22: New PyPI malware Phylum researchers have documented two waves of malicious packages published on the PyPI portal, one deploying the W4SP Stealer and the second deploying the Satan Stealer malware strains. ReversingLabs and Fortinet also have reports on other unrelated attack too. The Python Foundation really needs to get on top of …