Malicious Packages Discovered in Python Package Index (PyPI)
In recent research, specialists from ReversingLabs found two malicious packages in the Python Package Index (PyPI) repository. The packages used the DLL sideloading technique to evade antivirus programs and execute harmful code.
The malicious packages, named NP6helperhttpTest and NP6helperhttper, were downloaded 537 and 166 times respectively before they were removed from the repository. These alarming numbers highlight the risk that even short-lived malicious packages pose to unsuspecting developers.
These malicious packages were designed to mimic legitimate tools from ChapsVision, a company known for marketing automation solutions. This tactic, known as typosquatting, involves creating fake packages with names similar to popular libraries in the hope that developers will unwittingly install the malicious versions.
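A defender-side check for the lookalike names described above, as an added example that is not code from the research or from PyPI: it normalizes names the way PyPI does (PEP 503) and flags dependencies that are not on an approved list but sit close to, or extend, an approved name. The approved list, the name `NP6HelperHttp` for the legitimate package (not stated on this page), the distance threshold and all function names are assumptions.

```python
import re

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_requirements(text):
    """Yield project names from requirements.txt-style lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            yield match.group(0)

def find_lookalikes(requirements, approved, max_distance=2):
    """Return (dependency, approved_name, distance) for near-miss names."""
    approved_norm = {normalize(n): n for n in approved}
    findings = []
    for dep in parse_requirements(requirements):
        norm = normalize(dep)
        if norm in approved_norm:
            continue  # exact match after normalization
        for cand, original in approved_norm.items():
            dist = edit_distance(norm, cand)
            # Suffix variants ("...test") exceed the distance budget, so a
            # name that starts with an approved name is flagged as well.
            if dist <= max_distance or norm.startswith(cand):
                findings.append((dep, original, dist))
                break
    return findings

# Constructed sample; "NP6HelperHttp" is an assumed approved name.
APPROVED = ["NP6HelperHttp", "requests"]
SAMPLE_REQUIREMENTS = "requests==2.31.0\nNP6helperhttpTest\nNP6helperhttper==1.0\nnp6helperhttp\n"

if __name__ == "__main__":
    print(find_lookalikes(SAMPLE_REQUIREMENTS, APPROVED))
```

A finding is a prompt for manual review before installation, since the prefix rule also matches legitimate extension packages that share an approved name as their stem.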
The discovery of these malicious packages underscores the ongoing challenges faced by software repositories like PyPI in detecting and preventing harmful content from infiltrating their platforms.