Info Stealing Packages Hidden in PyPI
Fortinet News, Monday, January 22nd, 2024
The Python Package Index (PyPI) is an open repository of software packages developed by the Python community to help people quickly develop or update applications.
While most of the packages uploaded to PyPI are posted by dedicated individuals looking to support the Python community, threat actors also regularly post packages infected with malware. The FortiGuard Labs team uses a proprietary, AI-driven OSS malware detection system to hunt for and monitor these threats. Recently, we identified a PyPI malware author (who goes by the ID 'WS') discreetly uploading malicious packages to PyPI. We now estimate that there may be well over 2000 victims of 'WS' from the packages described below alone.