腾讯网22 天
安全公司曝光山寨 Python 命令行工具 Fabric,可获用户设备凭据
IT之家获悉,目前 Socket 已通知 Python Package Index(PyPI)下架了“Fabrice”,该安全公司同时警告有部署相关库工具的开发者应检查是否下载错误成了“李鬼”山寨版本,避免被黑客趁虚而入。
安全警报:恶意Python工具Fabrice替代正品,引发数据安全隐患
近日,安全公司Socket对外发布警报,揭露了一款名为“Fabrice”的恶意Python命令行工具,其仿冒了知名的SSH自动化工具“Fabric”。这款名为Fabrice的工具,不仅在名字上与正品仅有一字之差,其实质却是一个潜伏在用户设备中的木马病毒。开发者Jeff Forcier维护的Fabric工具已经存在10余年,下载量超过2亿次,而这一假冒工具则自2021年起悄然入侵市场,下载量也达到3 ...
TechRepublic21 天
TIOBE Index for November 2024: Top 10 Most Popular Programming Languages
TIOBE Index for November 2024: Top 10 Most Popular Programming Languages Your email has been sent Python’s popularity in the index shows no sign of slowing. Go rises to its highest position ever ...
PyPI曝出虚假AI辅助工具,研发者须警惕安全陷阱
11月25日,国际知名安全公司卡巴斯基发布通报,揭露了在Python Package Index(PyPI)平台上发现的两个伪装成AI辅助工具的恶意软件包。这些工具分别名为“gptplus”和“claudeai-eng”,声称能够访问OpenAI的GPT-4Turbo模型和Anthropic的ClaudeAI API,但实际上却是潜藏在背后的木马勒索软件。
Infosecurity-magazine.com23 年
Malicious PyPI Package Exposes Crypto Wallets to Infostealer Code
A malicious PyPI package “aiocpa,” that stole crypto wallet data via obfuscated code, has been removed after being reported ...
The Hacker News23 年
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot
Signs of malicious activity were first spotted in version 0.1.13 of the library, which included a change to the Python script ...
The Hacker News11 天
PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that ...