In This Week in Malware, we discovered and analyzed multiple malicious PyPI packages that either set up new Remote Desktop user accounts on your Windows computer or steal encrypted Telegram data files from your Telegram Desktop client.
1. PyPI packages steal your Telegram Desktop files, set up Windows RDP access
The primary packages of interest conducting malicious activities are:
These packages were discovered by Sonatype's automated malware detection system, offered as part of Nexus platform products, including Nexus Firewall. On further review, we deemed these packages malicious and reported them to PyPI.
Check out the dedicated blog post to learn more.
2. Dependency confusion packages
The week's dependency confusion findings, across npm and PyPI, include the following packages.
Turn on Nexus Firewall for automatic protection
This discovery follows last week's report of malicious Python cryptominers and over 345 dependency confusion packages that were promptly discovered and reported by Sonatype.
As a DevSecOps organization, we remain committed to identifying and halting attacks against open source developers and the wider software supply chain, like the ones discussed above.
Users of Nexus Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.
Nexus Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is underway, thereby keeping your software supply chain protected from the start.
Sonatype’s world-class security research data, combined with our automated malware detection technology, safeguards your developers, customers, and software supply chain from infections.