27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

Unknown threat actors have been using typosquat packages to distribute malware via the Python Package Index (PyPI) repository for roughly six months. The malware, disguised as legitimate Python packages, was downloaded thousands of times, primarily from the U.S., China, France, Hong Kong, Germany, Russia, Ireland, Singapore, the U.K., and Japan. The packages targeted data, cryptocurrency wallets, and sought to gain persistence on systems. This highlights the persistent threats in areas where open exchange of code takes place.