10 malicious Python packages exposed in latest repository attack

[Image: Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)]

Researchers have discovered yet another set of malicious packages in PyPI, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords. Check Point Research, which reported its findings Monday, wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPI has 613,000 active users, [...]