Developers beware: Imposter HTTP libraries lurk on PyPI
Malware Analysis, News and Indicators - Latest topics malware.news
While monitoring different malicious packages found in public software repositories, ReversingLabs researchers have noticed an increase in malicious HTTP libraries on the Python Package Index (PyPI) repository. Actually, we should air-quote “HTTP libraries.” In reality, most of these are simple, malicious packages bearing names that are Frankenstein-like amalgamations of the acronym “HTTP”.
The descriptions for these packages, for the most part, don't hint at their malicious intent. Some are disguised as real libraries and make flattering comparisons between their capabilities …