Python developers have been warned about trojanised PyPI packages mimicking popular libraries

According to a report dated February 22, 2023, cybersecurity researchers have alerted to the presence of "impostor packages" on the Python Package Index (PyPI) repository. 

These are 41 malicious packages that mimic legitimate modules such as HTTP, AIOHTTP, requests, urllib and urllib3 by using typosquatted variants of their names.  

The descriptions of these packages make no reference to their malicious intent, some of them even present themselves as real libraries with capabilities comparable to legitimate HTTP libraries. In reality, these packages contain either downloaders that distribute second-stage malware or information thieves that seek to exfiltrate sensitive data such as passwords and tokens. 

This attempt to spread malware via open source repositories is not new and is part of a series of supply chain attacks targeting GitHub, npm, PyPI and RubyGems. Malicious actors rely on typosquatting to trick developers into inadvertently adopting malicious packages with names similar to legitimate ones. 

Read more about it : here