VMConnect: Malicious PyPI packages imitate popular open source modules | allinfosecnews.com

Aug. 3, 2023, 9:34 p.m. | karlo.zanki@reversinglabs.com (Karlo Zanki)

ReversingLabs Blog blog.reversinglabs.com

ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating three, popular open source Python tools: vConnector, a wrapper module for pyVmomi VMware vSphere bindings; as well as eth-tester, a collection of tools for testing ethereum based applications; and databases, a tool that gives asyncro support for a range of databases.

collection dev & devsecops eth ethereum malicious malicious packages modules open source package packages popular pypi pypi packages python python package python package index python tools repository researchers reversinglabs software supply chain security testing threat research tools vmware vmware vsphere vsphere wrapper

More from blog.reversinglabs.com / ReversingLabs Blog

What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss 14 hours ago | blog.reversinglabs.com

appsec & supply chain security cisos development don +16

How SOC analysts and threat hunters can expose malware undetected by EDR 1 day, 15 hours ago | blog.reversinglabs.com

analysts can corporate don +16

Introducing the Unified RL Spectra Suite 1 day, 15 hours ago | blog.reversinglabs.com

always on appsec & supply chain security change criminals +15

Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 1 day, 15 hours ago | blog.reversinglabs.com

advanced advanced threat advanced threat detection analysis +23

Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 5 days, 18 hours ago | blog.reversinglabs.com

advanced advanced threat advanced threat detection analysis +23

How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 6 days, 15 hours ago | blog.reversinglabs.com

appsec & supply chain security businesses critical critical infrastructure +29

What’s hot at RSAC 2024: 7 must-see talks for security operations teams 1 week ago | blog.reversinglabs.com

conference filter flood francisco +21

NVD delays highlight vulnerability management woes: Put malware first 1 week, 1 day ago | blog.reversinglabs.com

appsec & supply chain security attention change current +16

CycloneDX upgraded for the evolving software supply chain security era 1 week, 6 days ago | blog.reversinglabs.com

ai development appsec & supply chain security bill bills +25

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland

View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France

View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States

View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India

View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC

View on infosec-jobs.com