all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Developers beware: Imposter HTTP libraries lurk on PyPI

Add to bookmarks
Feb. 22, 2023, 4:27 p.m. | lucija.valentic@reversinglabs.com (Lucija Valentić)

ReversingLabs Blog blog.reversinglabs.com




While monitoring different malicious packages found in public software repositories, ReversingLabs researchers have noticed an increase of malicious HTTP libraries on the Python Package Index (PyPI) repository. Actually, we should air-quote “HTTP libraries.” In reality, most of these are simple, malicious packages bearing names that are Frankenstein-like amalgamations of the acronym "HTTP".

dev & devsecops developers http imposter malicious malicious packages monitoring names package packages public pypi python python package python package index repositories repository researchers reversinglabs simple software threat research

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

Verizon 2024 DBIR: Software supply chain risks fuel a data breach epidemic 18 hours ago | blog.reversinglabs.com
alarm appsec & supply chain security breach breaches +25
What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 1 day, 17 hours ago | blog.reversinglabs.com
appsec & supply chain security cisos development don +16
How SOC analysts and threat hunters can expose malware undetected by EDR 2 days, 18 hours ago | blog.reversinglabs.com
analysts can corporate don +16
Introducing the Unified RL Spectra Suite 2 days, 18 hours ago | blog.reversinglabs.com
always on appsec & supply chain security change criminals +15
Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 2 days, 18 hours ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 6 days, 21 hours ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 1 week ago | blog.reversinglabs.com
appsec & supply chain security businesses critical critical infrastructure +29
What’s hot at RSAC 2024: 7 must-see talks for security operations teams 1 week, 1 day ago | blog.reversinglabs.com
conference filter flood francisco +21
NVD delays highlight vulnerability management woes: Put malware first 1 week, 2 days ago | blog.reversinglabs.com
appsec & supply chain security attention change current +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE
View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660
View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India
View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany
View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs