[sf-lug] Malware on PyPI repository
bliss-sf4ever at dslextreme.com
Sat Dec 4 07:31:16 PST 2021
Well, I don't know if you guys have seen this yet.
This may be the most serious real threat in malware to happen yet.
> SIGN OF THE TIMES —
> Malware downloaded from PyPI 41,000 times was
> surprisingly stealthy
> Malware infiltrating open source repositories is
> getting more sophisticated.
> by Dan Goodin - 11/19/2021, 5:02 AM
> PyPI—the open source repository that both large and small
> organizations use to download code libraries—was hosting 11 malicious
> packages that were downloaded more than 41,000 times in one of the
> latest reported such incidents threatening the software supply chain...