Developers beware: Imposter HTTP libraries lurk on PyPI | allinfosecnews.com

Feb. 22, 2023, 4:35 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

While monitoring different malicious packages found in public software repositories, ReversingLabs researchers have noticed an increase of malicious HTTP libraries on the Python Package Index (PyPI) repository. Actually, we should air-quote “HTTP libraries.” In reality, most of these are simple, malicious packages bearing names that are Frankenstein-like amalgamations of the acronym "HTTP".

The descriptions for these packages, for the most part, don't hint at their malicious intent. Some are disguised as real libraries and make flattering comparisons between their capabilities …

descriptions developers don http imposter intent malicious malicious packages monitoring names package packages public pypi python python package python package index repositories repository researchers reversinglabs simple software

More from malware.news / Malware Analysis, News and Indicators - Latest topics

The Impact of Cyber Attacks on the Stock Markets 59 minutes ago | malware.news

attacks companies corporate cyber +13

Note to investors and security pros: drive innovation by going on the offensive an hour ago | malware.news

article cybersecurity drive innovation +10

New network to target migrant smugglers in the digital domain an hour ago | malware.news

alliance april aspect counter +17

New High-Severity Vulnerability in Apache ActiveMQ Poses Risk of Unauthorized Access: CVE-2024-32114 2 hours ago | malware.news

access activemq apache apache activemq +15

My impression of Botconf 2024 3 hours ago | malware.news

analysis botconf channel dotnet +13

Top 10 Free IoC Search & Enrichment Platforms 3 hours ago | malware.news

amp assets attacks breaches +33

ISC Stormcast For Friday, May 3rd, 2024 https://isc.sans.edu/podcastdetail/8966, (Fri, May 3rd) 10 hours ago | malware.news

Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360 14 hours ago | malware.news

article incident incident response link +4

Critical GitLab account takeover flaw added to CISA’s KEV Catalog 14 hours ago | malware.news

account account takeover article catalog +17

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote

View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US

View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA

View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco

View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com