all InfoSec news
VMConnect: Malicious PyPI packages imitate popular open source modules
ReversingLabs Blog blog.reversinglabs.com
ReversingLabs has identified several malicious Python packages on the Python Package Index (PyPI) open source repository. In all, ReversingLabs researchers uncovered 24 malicious packages imitating three, popular open source Python tools: vConnector, a wrapper module for pyVmomi VMware vSphere bindings; as well as eth-tester, a collection of tools for testing ethereum based applications; and databases, a tool that gives asyncro support for a range of databases.
collection dev & devsecops eth ethereum malicious malicious packages modules open source package packages popular pypi pypi packages python python package python package index python tools repository researchers reversinglabs software supply chain security testing threat research tools vmware vmware vsphere vsphere wrapper