Robuta

https://www.sonatype.com/blog/pyfetcher-netfetch-drop-netflix-checker-on-windows Illicit PyPI Packages 'Netfetcher' & 'Pyfetcher' on Windows Malicious PyPI packages "netfetcher" and "pyfetcher" impersonate legitimate libraries to target Windows users with undetectable malware. pypi packagesillicitwindows https://www.techradar.com/news/hundreds-of-malicious-pypi-packages-are-spreading-havoc-online Hundreds of malicious PyPI packages are spreading havoc online | TechRadar Feb 14, 2023 - Hide your bitcoins because crooks are after them hundreds ofpypi packagesmaliciousspreadinghavoc https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html?m=1 SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise. pypi packagesratdeliveredviatwo https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html?m=1 W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names Cybercriminals are distributing info-stealing malware to developers through Python Package Index (PyPI). pypi packagesstealerdiscoveredmultiplevarious https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names Cybercriminals are distributing info-stealing malware to developers through Python Package Index (PyPI). pypi packagesstealerdiscoveredmultiplevarious https://piptrends.com/ Analyze PyPI packages downloads and their GitHub Statistics pip Trends is a website that shows the top python packages and their alternatives. pypi packagesanalyzedownloadsgithubstatistics https://thehackernews.com/2024/01/malicious-pypi-packages-slip-whitesnake.html?m=1 Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines pypi packagesmaliciousslipwhitesnakeinfostealer https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/ Hackers Hide Malware in Fake DeepSeek PyPI Packages Feb 4, 2025 - Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers. hackershidemalwarefakedeepseek https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html?m=0 Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack New supply chain attack hijacks 22,000 PyPI packages, infiltrating developer environments with malicious updates. https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/ OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI | Securelist Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed... https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/?ref=blog.hunterstrategy.net OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI | Securelist Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed... https://d25lcipzij17d.cloudfront.net/ Version Badge for npm, RubyGems, PyPI, Bower and other packages Version Badge for npm, RubyGems, PyPI, Bower and other packages and otherversionbadgenpmrubygems https://thehackernews.com/2025/04/malicious-python-packages-on-pypi.html?m=1 Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data. python packages https://thehackernews.com/2025/02/pypi-introduces-archival-status-to.html PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages PyPI introduces a project archival feature to improve supply chain security, with archived projects remaining installable but unmaintained pypiintroducesarchivalstatus https://securityaffairs.com/142220/malware/451-clipper-malware-pypi.html Experts discover +451 clipper malware-laced packages in PyPI rep Feb 14, 2023 - Threat actors published more than 451 unique malware-laced Python packages on the official Python Package Index (PyPI) repository. expertsdiscover451clippermalware https://dev.to/kornilovconstru/pypi-compromised-malicious-code-in-telnyx-packages-leads-to-credential-theft-and-malware-dpj PyPI Compromised: Malicious Code in `telnyx` Packages Leads to Credential Theft and Malware... Executive Summary The PyPI repository has once again fallen victim to a sophisticated... Tagged with security, pypi, malware, steganography. https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages Old Python bootstrap scripts and a malicious PyPI package expose developers to domain takeover and RAT risks. https://jfrog.com/help/r/artifactory-how-to-download-pypi-packages-using-wget-when-anonymous-access-is-enabled ARTIFACTORY: How to Download PyPI Packages Using Wget When Anonymous Access Is Enabled how to download https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0. remote accessfakepythonspellcheckerpackages https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html?rand=1734 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems Cybersecurity researchers have identified a total of 116 malicious packages on the Python Package Index (PyPI) repository. https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository Researchers uncover 3 more malicious Python packages in PyPI repository under VMConnect campaign. north korean hackerspython packagesdeploynew