Package names repurposed to push malware on PyPI | allinfosecnews.com

April 24, 2023, 11 a.m. | Lucija Valentić

Security Boulevard securityboulevard.com

In the beginning of March, ReversingLabs researchers encountered a malicious package on the Python Package Index (PyPI) named termcolour, a three-stage downloader published in multiple versions. Finding this malicious payload wasn’t difficult, but what piqued our interest was its name. The termcolour package wasn’t new. In fact, it had been published to PyPI two years earlier, and then removed. It reappeared on PyPI in the beginning of March — this time as a malicious downloader.

The post Package names repurposed …

fact interest malicious malware march name names package payload pypi python python package python package index researchers reversinglabs security security boulevard software supply chain security stage threat research

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware 8 hours ago | securityboulevard.com

access authors conference events +15

Understanding Cybersecurity Vulnerabilities 10 hours ago | securityboulevard.com

advice attacks can cybersecurity +12

Bridging the Gap: Uniting Development and AppSec 11 hours ago | securityboulevard.com

application security appsec aspm bridging the gap +20

USENIX Security ’23 – Union Under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android … 12 hours ago | securityboulevard.com

access android authors conference +20

Agile by Design: Cybersecurity at the Heart of Transformation 14 hours ago | securityboulevard.com

agile blog business can +25

Cybersecurity Insights with Contrast CISO David Lindner | 4/26/24 14 hours ago | securityboulevard.com

ai analytics & intelligence artificial intelligence audio +26

Segregation of Duties Remediation in Oracle ERP Cloud 14 hours ago | securityboulevard.com

actions articles cloud digital +14

Fix SPF Permerror: Overcome SPF Too Many DNS Lookups Limit 15 hours ago | securityboulevard.com

authentication cybersecurity deliverability dns +6

Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 15 hours ago | securityboulevard.com

advanced advanced threat advanced threat detection analysis +23

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Engineer 2

@ Oracle | BENGALURU, KARNATAKA, India

View on infosec-jobs.com

Oracle EBS DevSecOps Developer

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Information Security GRC Specialist - Risk Program Lead

@ Western Digital | Irvine, CA, United States

View on infosec-jobs.com

Senior Cyber Operations Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States

View on infosec-jobs.com

AI Cybersecurity Architect

@ FactSet | India, Hyderabad, DVS, SEZ-1 – Orion B4; FL 7,8,9,11 (Hyderabad - Divyasree 3)

View on infosec-jobs.com