Two malicious Python libraries caught stealing SSH and GPG keys

Dec 4, 2019 12:00 pm Cyber Security 263
Two malicious Python libraries caught stealing SSH and GPG keys

Image: ZDNet

techrepublic cheat sheet



The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.


The two libraries were created by the same developer and mimicked other more popular libraries -- using a technique called typosquatting to register similarly-looking names.


The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library.


The two malicious clones were discovered on Sunday, December 1, by German software developer Lukas Martini. Both libraries were removed on the same day after Martini notified dateutil developers and the PyPI security team.


While the python3-dateutil was created and uploaded on PyPI two days before, on November 29, the jeIlyfish library had been available for nearly a year, since December 11, 2018.


Stealing SSH and GPG keys




According to Martini, the malicious code was present only in the jeIlyfish library. The python3-dateutil package didn't contain malicious code of its own, but it did import the jeIlyfish library, meaning it was malicious by association.


The code downloaded and read malicious python libraries caught stealing

Read The Rest from the original source
zdnet.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!