Latest news with #PythonPackageIndex

Data-Stealing Gmail Tunnel Created By Hackers — What You Need To Know

Forbes

03-05-2025

Beware this Python threat that creates a Gmail tunnel.

Love it or loathe it, you can't ignore Google's highly popular free email platform, Gmail. With reports of sophisticated threats against users and seven-day account recovery warnings following password compromises, this is one email service that's never far from the news headlines. While many of these involve direct attacks against Gmail accounts, some are a little more, shall we say, complex in terms of the threat they pose. Such is the case with the latest report from security researchers who have uncovered Coffin-Code attackers using malicious Python packages designed to create a data-exfiltrating tunnel by way of Gmail. Here's what you need to know.

Let's start at the beginning and make it clear that the Simple Mail Transfer Protocol at the heart of this attack mechanism is not used by Gmail alone. SMTP is the de facto communication protocol used to send and receive email across the internet. It is, however, a highly trusted protocol just as Gmail is a highly trusted email provider. Trust plus trust, in this case, equals danger.

What the Socket Threat Research Team discovered, as reported by Olivia Brown, a threat analyst at Socket, is that attackers have created a bunch of malicious Python packages that use Gmail's SMTP protocol to create a tunnel that can exfiltrate data and execute attack commands. Read the full report if you want all the technical details.

Although all seven malicious packages have now been removed from the Python Package Index, the attack methodology is worth taking note of. 'Watch for unusual outbound connections, especially SMTP traffic, since attackers can use legitimate services like Gmail to steal sensitive data,' Brown warned. I have reached out to Gmail for a statement.

Positive Technologies Halts Malicious PyPI Attack on DeepSeek Users

TECHx

05-02-2025

News Desk

The Supply Chain Security team at Positive Technologies' Expert Security Center (PT ESC) has uncovered and neutralized a malicious campaign targeting developers, ML engineers, and those integrating DeepSeek into their projects. The attack was orchestrated through the Python Package Index (PyPI) repository.

The attacker's account, created in June 2023, remained inactive until January 29, 2024, when two malicious packages—deepseeek and deepseekai—were registered. Once installed, these packages deployed console commands that, when executed, stole sensitive user data, including system details and environment variables containing database credentials and access keys. The stolen information was transmitted to the attackers via Pipedream, a widely used developer integration platform acting as their command-and-control (C2) server.

Stanislav Rakovsky, Head of Supply Chain Security at PT ESC, highlighted the growing cyber threats targeting trending technologies: 'Cybercriminals are always looking for the next big thing to exploit, and DeepSeek's popularity made it a prime target. What's particularly interesting is that the malicious code appears to have been generated using an AI assistant, as indicated by comments within the code itself.'

The malicious packages were uploaded to PyPI on the evening of January 29. Thanks to PT PyAnalysis, Positive Technologies' automated detection service, the threat was identified and neutralized within minutes. However, the packages had already been downloaded over 200 times before removal. Given the rising interest in DeepSeek, this attack could have led to widespread data breaches if left undetected.

Positive Technologies urges developers to exercise caution when installing new or unfamiliar packages and to leverage PT PyAnalysis for real-time monitoring of PyPI releases, ensuring robust protection against supply chain attacks.
