[sf-lug] Malware on PyPI repository
Bobbie Sellers
bliss-sf4ever at dslextreme.com
Sat Dec 4 07:31:16 PST 2021
Hi LUGers,
Well, I don't know if you guys have seen this yet.
This may be the most serious real threat in malware to happen yet.
> SIGN OF THE TIMES —
> Malware downloaded from PyPI 41,000 times was
> surprisingly stealthy
> Malware infiltrating open source repositories is
> getting more sophisticated.
> by Dan Goodin - 11/19/2021, 5:02 AM
>
> PyPI—the open source repository that both large and small
> organizations use to download code libraries—was hosting 11 malicious
> packages that were downloaded more than 41,000 times in one of the
> latest reported such incidents threatening the software supply chain...
> Read the rest of the article
> at: <https://arstechnica.com/information-technology/2021/11/malware-downloaded-from-pypi-41000-times-was-surprisingly-stealthy/>
>
Bobbie Sellers