Malicious ‘aptX’ Python package drops Meterpreter shell, deletes ‘netstat’

By Ax Sharma on February 08, 2023 Known Vulnerabilities

4 minute read time

Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.

Intro to malware analysis: Analyzing Python malware

By Juan Aguirre on January 19, 2023 python

11 minute read time

Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.

Malware Monthly - November 2022

12 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.

PyPI packages steal Telegram cache files, add Windows Remote Desktop accounts

By Ax Sharma on July 07, 2022 vulnerabilities

3 minute read time

We analyze Python packages that steal Telegram Desktop client files and set up Remote Desktop access accounts after infecting Windows systems.

python-dateutils — A cryptominer in disguise targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

5 minute read time

We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS, or Linux systems.

Python packages upload your AWS keys, env vars, secrets to the web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

This Week in Malware — npm malware exfiltrates Windows SAM, Amazon EC2 credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.

Trojanized PyPI package imitates a popular Python server library

By Ax Sharma on February 27, 2022 vulnerabilities

7 minute read time

A trojanized PyPI component 'aiohttp-socks5' has been identified by Sonatype's automated malware detection system, imitating the real 'aiohttp-socks' library.

OSS Index contributor asks: Where 'R' you?

2 minute read time

Dr. Colin Gillespie, co-author of the book, Efficient R Programming, talks about contributing to open source software projects and using OSS Index.