all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FYI: Threat actor targeting many PyPI packages with automated typosquatting campaign

Add to bookmarks
Feb. 11, 2023, 4:46 p.m. | /u/tweedge

cybersecurity www.reddit.com

This is the same actor as highlighted by [Phylum yesterday](https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack) - currently they're pushing a cryptostealer everywhere they can, but who knows what's next. As of Friday they'd tried about 200 typosquats. I haven't counted today's batch but I'd estimate it's another 200-300.

Someone's clearly reached the automation section of "Black Hat Python" :P

Within the past 24 hours I've seen them typosquatting the following packages (parenthesis show an example typosquat):

* xlsxwriter (ex. xlsxwwriter)
* urllib3 (rllib3)
* simplejson …

actor automated automation black hat campaign click client cybersecurity discord packages pypi python reporting requests targeting threat threat actor toolkit typosquatting webhook websocket

Visit resource

More from www.reddit.com / cybersecurity

A student from UTD got access to teslas by exploiting a vulnerability in a 3rd … 11 hours ago | www.reddit.com
article cybersecurity safeguard software +1
XZ has been claimed 12 hours ago | www.reddit.com
cybersecurity
US Targets China & Russia: Advanced AI Software Control 12 hours ago | www.reddit.com
advanced ai software china control +3
McAfee Warns of Surge in AsyncRAT Malware Infections in the U.S. 13 hours ago | www.reddit.com
asyncrat cybersecurity infections malware +1
SOC Work - Retail vs Financial 16 hours ago | www.reddit.com
call cybersecurity data don +13
Top cybersecurity stories for the week of 05-06-24 to 05-10-24 16 hours ago | www.reddit.com
ciso cyber cyber security cybersecurity +8
What is the best way to block access from a Windows workstation to external sites … 16 hours ago | www.reddit.com
access block can capabilities +18
Zscaler hack a honeypot 16 hours ago | www.reddit.com
breach can confirm cybersecurity +15
When Do SEGs Become Necessary for Business Email? 17 hours ago | www.reddit.com
barracuda business common sense cybersecurity +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Principal Security Research Manager

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

SOC Manager

@ Inbox Business Technologies | Islamabad, Islamabad Capital Territory, Pakistan
View on infosec-jobs.com

Cybersecurity Incident Response Program Manager (Hybrid)

@ UMB Bank | MO - Kansas City - 1010 Grand Blvd
View on infosec-jobs.com

Consultant, Cyber Risk Advisory | Remote US

@ Coalfire | United States
View on infosec-jobs.com

Cybersecurity Bid Manager

@ Alstom | Derby, GB
View on infosec-jobs.com

Cyberspace Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com
View more jobs