[sf-lug] Malware on PyPI repository

Bobbie Sellers bliss-sf4ever at dslextreme.com
Sat Dec 4 07:31:16 PST 2021

Hi LUGers,

     Well I don't know if you guys have seen this yet.
     This may be the most serious real threat in malware to happen yet.

> SIGN OF THE TIMES —
> Malware downloaded from PyPI 41,000 times was surprisingly stealthy
> Malware infiltrating open source repositories is getting more sophisticated.
> by Dan Goodin - 11/19/2021, 5:02 AM
>
> PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the latest reported such incidents threatening the software supply chain...
>
> Read the rest of the article at: <https://arstechnica.com/information-technology/2021/11/malware-downloaded-from-pypi-41000-times-was-surprisingly-stealthy/>

     Bobbie Sellers
