Two Additional Malicious Python Libraries Found on PyPI Repository
Security researchers at Kaspersky have identified two more malicious Python packages in the Python Package Index (PyPI), just days after Check Point researchers found 10 malicious Python packages there. Kaspersky has released a blog post detailing the additional packages, both of which masqueraded as popular open-source libraries. The attacker copied the description of the legitimate ‘requests’ package so that victims who landed on the impostor’s PyPI page would install the malicious package instead of the legitimate one.
The copied description also contained fake statistics claiming hundreds of millions of installs and a high number of GitHub stars, a further lure to make the impostor look like the genuine, widely used tool. Such figures in a package description are author-supplied text, not PyPI metadata, so they offer no assurance about the package. Kaspersky researchers also found that the code of the malicious packages was nearly identical to the legitimate package’s, differing in only one file: the modified version of exception.py was dated July 30. Kaspersky has reported both malicious packages to the PyPI security team.
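The two tells described above, a package whose code matches a well-known project except for one edited file and a description headlined with another project's name, are easy to check mechanically once the source distributions are unpacked side by side. The following is an added example, not code from the Kaspersky or Check Point reports: it hashes every file in two unpacked trees and reports files added, removed or modified, and flags a long description whose first line names a well-known project other than the package's own. The sample trees, the package name `example-impostor`, the description text and the short allowlist of popular project names are all constructed for the demonstration.

```python
"""Compare a suspect PyPI package against the project it claims to be.

Added example, not from the Kaspersky or Check Point reports. Given two
unpacked source trees, hash every file and report which files are added,
removed or modified, so a "copy of requests with one edited file" stands out.
A second heuristic flags a package whose long description is headlined with a
well-known project name other than its own.
"""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: a short allowlist of popular project names worth impersonating.
KNOWN_PROJECTS = {"requests", "urllib3", "numpy", "django", "flask"}


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX-style) to its SHA-256 hex digest."""
    hashes = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes


def compare_trees(reference: dict[str, str], suspect: dict[str, str]) -> dict[str, list[str]]:
    """Classify the suspect tree's files as added, removed or modified relative to the reference."""
    common = set(reference) & set(suspect)
    return {
        "added": sorted(set(suspect) - set(reference)),
        "removed": sorted(set(reference) - set(suspect)),
        "modified": sorted(p for p in common if reference[p] != suspect[p]),
    }


def description_impersonates(project_name: str, long_description: str,
                             known_projects: set[str] = KNOWN_PROJECTS) -> str | None:
    """Return the well-known project named in the description's first non-empty line
    when it differs from the package's own name; otherwise None."""
    first_line = next((ln for ln in long_description.splitlines() if ln.strip()), "")
    words = {w.lower() for w in re.findall(r"[A-Za-z0-9_.-]+", first_line)}
    hits = (words & known_projects) - {project_name.lower()}
    return min(hits) if hits else None


# Constructed sample trees (not the real packages): the suspect copies the
# reference verbatim except for one edited source file, as in the article.
REFERENCE_FILES = {
    "requests/__init__.py": b"__version__ = '0.0.0'\n",
    "requests/api.py": b"def get(url, **kw):\n    return request('get', url, **kw)\n",
    "requests/exception.py": b"class RequestException(IOError):\n    pass\n",
}
SUSPECT_FILES = dict(REFERENCE_FILES)
SUSPECT_FILES["requests/exception.py"] = (
    REFERENCE_FILES["requests/exception.py"]
    + b"# <additional code not present upstream; constructed stand-in, not a real payload>\n"
)


def write_tree(root: Path, files: dict[str, bytes]) -> None:
    """Materialise an in-memory file map on disk under root."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict:
    """Run both checks over the constructed sample data and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        ref_root, sus_root = Path(tmp, "reference"), Path(tmp, "suspect")
        write_tree(ref_root, REFERENCE_FILES)
        write_tree(sus_root, SUSPECT_FILES)
        diff = compare_trees(hash_tree(ref_root), hash_tree(sus_root))
    # Constructed description copied from the impersonated project, inflated stats included.
    description = (
        "# Requests\n"
        "Requests is a simple, yet elegant, HTTP library.\n"
        "Downloads: 300,000,000 per month. GitHub stars: 47,000.\n"
    )
    impersonated = description_impersonates("example-impostor", description)
    return {"diff": diff, "impersonates": impersonated}


if __name__ == "__main__":
    print(demo())
```

Against real packages, fetch both source distributions with `pip download --no-deps --no-binary :all: <name>`, unpack each tarball, and point `hash_tree` at the two extracted directories; a result with a single modified file is exactly the pattern the article describes and is worth reading line by line before anything is installed. The description check is deliberately crude: it only looks at the headline, and a description that genuinely depends on another project will trigger it, so treat a hit as a reason to look closer rather than as proof of malice.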