← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
PyPI Inundated by Malicious Typosquatting Campaign
WHITE AlienVault 2024-03-29 Modified: 2024-03-29
3
IOCs
LOW VOLUME
Check Point CloudGuard identified a typosquatting campaign on PyPI, comprising over 500 malicious packages. Installation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified PyPI about these packages, leading to their swift removal by the PyPI administrative team.
pypigdpr cookieappsecpython
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (3)
All URL domain
TYPEINDICATORDESCRIPTIONCREATED
URL https://funcaptcha.ru/atomic/app.asar 2024-03-29
URL https://funcaptcha.ru/paste2 2024-03-29
domain funcaptcha.ru 2024-03-29
References (1)
↗ https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/