Attacker – hidden in plain sight for nearly six months – targeting Python developers

Key Points 

• For nearly half a year, a threat actor has been planting malicious Python packages into the open-source repository. 


• Many of the malicious packages were camouflaged with names closely resembling popular legitimate Python packages. Consequently, they received thousands of downloads. 


• The setup.py file within these packages was used to carry the harmful payload, which allowed the malicious code to be executed upon installation. 


• A defining characteristic of this attack was the utilization of steganography to hide a malicious payload …

actor attacker developers downloads file hidden key key points malicious malicious packages names packages points popular python repository setup.py targeting threat threat actor