{"id":50174,"date":"2023-01-18T15:53:28","date_gmt":"2023-01-18T15:53:28","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34227\/More-Malicious-Packages-Posted-To-Online-Repository.-This-Time-Its-PyPI.html"},"modified":"2023-01-18T15:53:28","modified_gmt":"2023-01-18T15:53:28","slug":"more-malicious-packages-posted-to-online-repository-this-time-its-pypi","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/","title":{"rendered":"More Malicious Packages Posted To Online Repository. This Time It&#8217;s PyPI"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/malware-800x600.jpg\" alt=\"A stylized skull and crossbones made out of ones and zeroes.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"0 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/01\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">55<\/span> <span class=\"visually-hidden\"> with 0 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 71:single\/related:f57fa38a548ab0258a1c128e42a5bdf4 --><!-- empty --><\/p>\n<p>Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn\u2019t going away any time soon.<\/p>\n<p>This time, the repository was PyPI, short for the Python Package Index, which is the official software repository for the Python programming language. Earlier this month, a contributor with the username Lolip0p uploaded three packages to PyPI titled: colorslib, httpslib, and libhttps. The contributor was careful to disguise all three as legitimate packages, in this case, as libraries for creating a terminal user interface and thread-safe connection pooling. All three packages were advertised as providing full-featured usability.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/colorslib.jpg\" class=\"enlarge\" data-height=\"814\" data-width=\"995\" alt=\"Screenshot of malicious PyPI package posing as a legitimate offering.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Screenshot of malicious PyPI package posing as a legitimate offering.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/colorslib-640x524.jpg\" width=\"640\" height=\"524\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/colorslib.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/colorslib.jpg\" class=\"enlarge-link\" data-height=\"814\" data-width=\"995\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Screenshot of malicious PyPI package posing as a legitimate offering.<\/div>\n<\/figcaption><\/figure>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/httpslib.jpg\" class=\"enlarge\" data-height=\"819\" data-width=\"993\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/httpslib-640x528.jpg\" width=\"640\" height=\"528\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/httpslib.jpg 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p><\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/libhttps.jpg\" class=\"enlarge\" data-height=\"781\" data-width=\"1001\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/libhttps-640x499.jpg\" width=\"640\" height=\"499\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/libhttps.jpg 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>Researchers from security firm Fortinet <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps\">said<\/a> all three packages were malicious, and the setup.py script for them was identical. The files opened a Powershell window and downloaded a malicious file, called Oxzy.exe, which, at the time of the discovery, was detected by only three anti-malware providers.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/3-detections.jpg\" class=\"enlarge\" data-height=\"555\" data-width=\"1217\" alt=\"Screenshot taken from VirusTotal showing the number of detections. \"><img loading=\"lazy\" decoding=\"async\" alt=\"Screenshot taken from VirusTotal showing the number of detections. \" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/3-detections-640x292.jpg\" width=\"640\" height=\"292\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/3-detections.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/3-detections.jpg\" class=\"enlarge-link\" data-height=\"555\" data-width=\"1217\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Screenshot taken from VirusTotal showing the number of detections. <\/div>\n<div class=\"caption-credit\">ReversingLabs<\/div>\n<\/figcaption><\/figure>\n<p>Oxzy.exe, in turn, downloaded a second malicious file titled Update.exe, which was detected by only seven anti-malware engines. <\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/7-detections.jpg\" class=\"enlarge\" data-height=\"770\" data-width=\"1342\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/7-detections-640x367.jpg\" width=\"640\" height=\"367\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/7-detections-1280x734.jpg 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>The last file to be dropped was named SearchProtocolHost.exe, which was detected by nine engines.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/9-detections.jpg\" class=\"enlarge\" data-height=\"625\" data-width=\"1216\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/9-detections-640x329.jpg\" width=\"640\" height=\"329\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/9-detections.jpg 2x\"><\/a><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>One of those engines was Microsoft\u2019s Defender. The description was <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=Trojan:Win32\/Wacatac.b!ml\">Wacatac.b!ml<\/a>, a piece of malware that Microsoft said \u201ccan perform a number of actions of a malicious hacker&#8217;s choice on your PC.\u201d An <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/trojan.win32.wacatac.usxvpga19\">analysis from Trend Micro<\/a> showed that the Trojan has existed since at least 2019, when it was being spread through pirated software available online.<\/p>\n<p>Open source repositories such as PyPI and NPM have become increasingly used as vectors for installing malware through supply chain attacks, which spread malicious software at the source of a legitimate project. From 2018 to 2021, this type of attack grew on NPM almost fourfold and about fivefold on PyPI, <a href=\"https:\/\/3375217.fs1.hubspotusercontent-na1.net\/hubfs\/3375217\/Documents\/2022-The-State-of-Software-Supply-Chain-Security.pdf\">according to<\/a> security firm ReversingLabs. From January to October last year, 1,493 malicious packages were uploaded to PyPI, and 6,977 malicious packages were uploaded to NPM.<\/p>\n<p>Last September, PyPI supply chain attacks escalated. A threat actor launched a credential phishing attack on PyPI contributors and, when successful, used the access to compromised accounts to publish malware that posed as the latest release for legitimate projects associated with the account. Legitimate projects included <a href=\"https:\/\/pypi.org\/project\/exotel\/\">Exotel<\/a> and <a href=\"https:\/\/pypi.org\/project\/spam\/\">Spam<\/a>. In contrast to malicious packages that used names that appeared similar to well-known projects, these attacks were able to poison the official source of a project used for years. The threat actor behind the attacks has <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/09\/actors-behind-pypi-supply-chain-attack-have-been-active-since-late-2021\/\">been active<\/a> since at least 2021.<\/p>\n<p>\u201cPython end users should always perform due diligence before downloading and running any packages, especially from new authors,\u201d ReversingLabs researchers wrote in the post documenting the latest attacks. \u201cAnd as can be seen, publishing more than one package in a short time period is no indication that an author is reliable.\u201d<\/p>\n<p>The same advice should be applied to NPM, RubyGems, and virtually every other open source repository.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34227\/More-Malicious-Packages-Posted-To-Online-Repository.-This-Time-Its-PyPI.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50175,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9740],"class_list":["post-50174","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarelinuxbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>More Malicious Packages Posted To Online Repository. This Time It&#039;s PyPI 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"More Malicious Packages Posted To Online Repository. This Time It&#039;s PyPI 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-18T15:53:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/malware-800x600.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"More Malicious Packages Posted To Online Repository. This Time It&#8217;s PyPI\",\"datePublished\":\"2023-01-18T15:53:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/\"},\"wordCount\":532,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg\",\"keywords\":[\"headline,malware,linux,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/\",\"name\":\"More Malicious Packages Posted To Online Repository. This Time It's PyPI 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg\",\"datePublished\":\"2023-01-18T15:53:28+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg\",\"width\":800,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,linux,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwarelinuxbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"More Malicious Packages Posted To Online Repository. This Time It&#8217;s PyPI\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"More Malicious Packages Posted To Online Repository. This Time It's PyPI 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/","og_locale":"en_US","og_type":"article","og_title":"More Malicious Packages Posted To Online Repository. This Time It's PyPI 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-18T15:53:28+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/malware-800x600.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"More Malicious Packages Posted To Online Repository. This Time It&#8217;s PyPI","datePublished":"2023-01-18T15:53:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/"},"wordCount":532,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg","keywords":["headline,malware,linux,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/","url":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/","name":"More Malicious Packages Posted To Online Repository. This Time It's PyPI 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg","datePublished":"2023-01-18T15:53:28+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi.jpg","width":800,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/more-malicious-packages-posted-to-online-repository-this-time-its-pypi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,linux,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarelinuxbackdoor\/"},{"@type":"ListItem","position":3,"name":"More Malicious Packages Posted To Online Repository. This Time It&#8217;s PyPI"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50174"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50174\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50175"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}