The python security team has removed two malicious python packages that introduced with the Python Package Index (PyPI) aimed to steal SSH and GPG keys from the infected developer projects.
PyPI is a python repository that helps to locate and install the software developed and shared by the Python community. It includes Over 113,000 Python packages, users can find the packages based on keywords and by using filter data.
The two malicious python packages “python3-dateutil” and “jeIlyfish,” developed by the same developer with handle “olgired2017″. The malicious package “python3-dateutil” found to present in the repository for more than a year, another package is a short-lived one.
Both of the malicious packages identified by the German developer Lukas Martini and he reported to the python security team and the packages have been removed now.
“Just a quick heads-up: There is a fake version of this package called python3-dateutil on PyPI that contains additional imports of the jeIlyfish package (itself a fake version of the jellyfish package, that first L is an I). That package, in turn, contains malicious code starting at line 313 in jeIlyfish/_jellyfish.py:”
The two malicious packages resemble the original packages of ‘dateutil’ and ‘jellyfish’, “python3-dateutil” impersonates ‘dateutil’ and “jeIlyfish” (the first L is an I) imitated the “jellyfish” library.
dateutil – It is the standard datetime module, available in Python, it can be installed from PyPI using the pip command pip install python-dateutil. It can be also downloaded from here.
jellyfish – It is a python library for doing approximate and phonetic matching of strings. It can be also downloaded from here.
The “python3-dateutil” not having any malicious strings, it imports another malicious package “jeIlyfish” which steals the SSH and GPG keys from developer projects.
If you are using ‘dateutil’ and ‘jellyfish’, it is recommended to check that the installed package is the legitimate one.
To note, Python language emerges as the most common vector for launching exploit attempts.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Hackers are abusing the Ethereum blockchain to hide and control a new Node.js backdoor called…
Google has released an urgent security update for its Chrome desktop browser to address 21…
Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining…
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal…
In today's fast-paced software development world, where applications are released at an unprecedented rate, ensuring…
Vim is a widely used, highly configurable text editor, but a recently disclosed flaw highlights…