The python security team has removed two malicious python packages that introduced with the Python Package Index (PyPI) aimed to steal SSH and GPG keys from the infected developer projects.
PyPI is a python repository that helps to locate and install the software developed and shared by the Python community. It includes Over 113,000 Python packages, users can find the packages based on keywords and by using filter data.
The two malicious python packages “python3-dateutil” and “jeIlyfish,” developed by the same developer with handle “olgired2017″. The malicious package “python3-dateutil” found to present in the repository for more than a year, another package is a short-lived one.
Both of the malicious packages identified by the German developer Lukas Martini and he reported to the python security team and the packages have been removed now.
“Just a quick heads-up: There is a fake version of this package called python3-dateutil on PyPI that contains additional imports of the jeIlyfish package (itself a fake version of the jellyfish package, that first L is an I). That package, in turn, contains malicious code starting at line 313 in jeIlyfish/_jellyfish.py:”
The two malicious packages resemble the original packages of ‘dateutil’ and ‘jellyfish’, “python3-dateutil” impersonates ‘dateutil’ and “jeIlyfish” (the first L is an I) imitated the “jellyfish” library.
dateutil – It is the standard datetime module, available in Python, it can be installed from PyPI using the pip command pip install python-dateutil. It can be also downloaded from here.
jellyfish – It is a python library for doing approximate and phonetic matching of strings. It can be also downloaded from here.
The “python3-dateutil” not having any malicious strings, it imports another malicious package “jeIlyfish” which steals the SSH and GPG keys from developer projects.
If you are using ‘dateutil’ and ‘jellyfish’, it is recommended to check that the installed package is the legitimate one.
To note, Python language emerges as the most common vector for launching exploit attempts.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost…
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…