Attacker floods PyPI with 450+ malicious packages that drop Windows trojan via Dropbox
Sonatype Blog blog.sonatype.com
Sonatype has been tracking an open source malware campaign developing over the weekend in which a threat actor is infiltrating the PyPI software registry with hundreds of malicious packages. These packages are being rapidly removed by the PyPI admins as they come up, but the behavior continues well into today.