https://www.sonatype.com/blog/pyfetcher-netfetch-drop-netflix-checker-on-windows
Illicit PyPI Packages 'Netfetcher' & 'Pyfetcher' on Windows
Malicious PyPI packages "netfetcher" and "pyfetcher" impersonate legitimate libraries to target Windows users with undetectable malware.
pypi packagesillicitwindows
https://www.techradar.com/news/hundreds-of-malicious-pypi-packages-are-spreading-havoc-online
Hundreds of malicious PyPI packages are spreading havoc online | TechRadar
Feb 14, 2023 - Hide your bitcoins because crooks are after them
hundreds ofpypi packagesmaliciousspreadinghavoc
https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html?m=1
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.
pypi packagesratdeliveredviatwo
https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html?m=1
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Cybercriminals are distributing info-stealing malware to developers through Python Package Index (PyPI).
pypi packagesstealerdiscoveredmultiplevarious
https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Cybercriminals are distributing info-stealing malware to developers through Python Package Index (PyPI).
pypi packagesstealerdiscoveredmultiplevarious
https://piptrends.com/
Analyze PyPI packages downloads and their GitHub Statistics
pip Trends is a website that shows the top python packages and their alternatives.
pypi packagesanalyzedownloadsgithubstatistics
https://thehackernews.com/2024/01/malicious-pypi-packages-slip-whitesnake.html?m=1
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
pypi packagesmaliciousslipwhitesnakeinfostealer
https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/
Hackers Hide Malware in Fake DeepSeek PyPI Packages
Feb 4, 2025 - Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers.
hackershidemalwarefakedeepseek
https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html?m=0
Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack
New supply chain attack hijacks 22,000 PyPI packages, infiltrating developer environments with malicious updates.
https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/
OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI | Securelist
Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed...
https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/?ref=blog.hunterstrategy.net
OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI | Securelist
Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed...
https://d25lcipzij17d.cloudfront.net/
Version Badge for npm, RubyGems, PyPI, Bower and other packages
Version Badge for npm, RubyGems, PyPI, Bower and other packages
and otherversionbadgenpmrubygems
https://thehackernews.com/2025/04/malicious-python-packages-on-pypi.html?m=1
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Researchers found Disgrasya downloaded 37,217 times, targeting WooCommerce with carding scripts that steal payment data.
python packages
https://thehackernews.com/2025/02/pypi-introduces-archival-status-to.html
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
PyPI introduces a project archival feature to improve supply chain security, with archived projects remaining installable but unmaintained
pypiintroducesarchivalstatus
https://securityaffairs.com/142220/malware/451-clipper-malware-pypi.html
Experts discover +451 clipper malware-laced packages in PyPI rep
Feb 14, 2023 - Threat actors published more than 451 unique malware-laced Python packages on the official Python Package Index (PyPI) repository.
expertsdiscover451clippermalware
https://dev.to/kornilovconstru/pypi-compromised-malicious-code-in-telnyx-packages-leads-to-credential-theft-and-malware-dpj
PyPI Compromised: Malicious Code in `telnyx` Packages Leads to Credential Theft and Malware...
Executive Summary The PyPI repository has once again fallen victim to a sophisticated... Tagged with security, pypi, malware, steganography.
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Old Python bootstrap scripts and a malicious PyPI package expose developers to domain takeover and RAT risks.
https://jfrog.com/help/r/artifactory-how-to-download-pypi-packages-using-wget-when-anonymous-access-is-enabled
ARTIFACTORY: How to Download PyPI Packages Using Wget When Anonymous Access Is Enabled
how to download
https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
remote accessfakepythonspellcheckerpackages
https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html?rand=1734
116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems
Cybersecurity researchers have identified a total of 116 malicious packages on the Python Package Index (PyPI) repository.
https://thehackernews.com/2023/08/north-korean-hackers-deploy-new.html
North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository
Researchers uncover 3 more malicious Python packages in PyPI repository under VMConnect campaign.
north korean hackerspython packagesdeploynew