Tag: PyPI

  • Crypto Wallets Targetted Using Malicious PyPI Packages

    Crypto Wallets Targetted Using Malicious PyPI Packages

    PyPI has long been used as a means of distributing malicious code masquerading as legitimate utilities by bad actors. Yehuda Gelb recently exposed one such operation, targeting users of prominent crypto-wallets such as Atomic, Metamask, Exodus, and many more, by uploading multiple packages within a short timeframe to the repository,…

  • Revival Hijack: A PyPI Supply Chain Attack Technique.

    Revival Hijack: A PyPI Supply Chain Attack Technique.

    Researchers at JFrog have recently discovered a PyPI supply chain attack technique being exploited in the wild, dubbed “Revival Hijack”. This technique can be used to hijack Python packages hosted on PyPI by manipulating the option to re-register(revive) their names once the owner takes them down. A package repository is a centralized…