In what’s yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and API tokens.

The packages “install info-stealers that enable attackers to steal developer’s private data and personal credentials,” Israeli cybersecurity firm Check Point said in a Monday report.

A short summary of the offending packages is below:

  • Ascii2text, which downloads a nefarious script that gathers passwords stored in web browsers such as Google Chrome, Microsoft Edge, Brave, Opera, and Yandex Browser
  • Pyg-utils, Pymocks, and PyProto2, which are designed to steal users’ AWS credentials
  • Test-async and Zlibsrc, which download and execute malicious code during installation
  • Free-net-vpn, Free-net-vpn2, and WINRPCexploit, which steal user credentials and environment variables, and
  • Browserdiv, which is capable of collecting credentials and other information saved in the web browser’s Local Storage folder

The disclosure is the latest in a rapidly ballooning list of recent cases where threat actors have published rogue software on widely used software repositories such as PyPI and Node Package Manager (NPM) with the goal of disrupting the software supply chain.

