malicious packages (2)

FortiGuard Labs has analyzed malicious software packages detected from November 2024 to the present, identifying various techniques used to exploit system vulnerabilities. This analysis provides insights into the evolving threat landscape and emerging attack methods. FortiGuard Labs leverages our proprietary, AI-driven OSS malware detection system to track and examine these threats. By reviewing the tactics observed—such as low-file-count packages designed to evade detection, command overwrite

Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines. Investigators are warning of two such packages, ‘ultrarequests’ and ‘pyquest’, that were masquerading as ‘requests’, a highly popular open source package. The malicious repositories copied the description from the legitimate package and contained fake statistics. PyPI as an index which allows users to search for packages by keywords o