PR3MIUM
Senior Member
A new RAT trojan has been discovered within Python packages; everyone who has them installed should check.
"Unfortunately, removing the packages and banning the accounts that uploaded them on PyPI does not stop the threat actors, as they can return to action using new names.
Furthermore, even if the apps are removed from PyPi, they are still on infected devices, requiring developers to remove them manually.
If these malicious packages infected you, it is strongly recommended that you perform an antivirus scan and then change all passwords at websites you frequently visit."
Source:
A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI
Phylum uncovers new PyPI malware distributing remote access tools.
blog.phylum.io
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.
www.bleepingcomputer.com