Path: ...!weretis.net!feeder6.news.weretis.net!feeder8.news.weretis.net!newsfeed.bofh.team!paganini.bofh.team!not-for-mail
From: Wanderer<dont@emailme.com>
Newsgroups: sci.electronics.design
Subject: Warning for Python Users: PyPi supply chain attack
Date: Fri, 29 Mar 2024 06:29:52
Organization: To protect and to server
Message-ID: <433399@dontemail.com>
Injection-Info: paganini.bofh.team; logging-data="351151"; posting-host="FnsOMLxu7Y6cXrzoUdB7vQ.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
X-Notice: Filtered by postfilter v. 0.9.3
Bytes: 1871
Lines: 12

Warning for those who use Python.

pypi halted new users and projects while it fended off supply chain attack
https://arstechnica.com/security/2024/03/pypi-halted-new-users-and-projects-while-it-fended-off-supply-chain-attack/
The malicious code is located within each package's setup.py file, enabling automatic execution upon installation.

In addition, the malicious payload employed a technique where the setup.py file contained obfuscated code that 
was encrypted using the Fernet encryption module. When the package was installed, the obfuscated code was automatically 
executed, triggering the malicious payload. Upon execution, the malicious code within the setup.py file attempted to retrieve 
an additional payload from a remote server. The URL for the payload was dynamically constructed by appending the package 
name as a query parameter. The retrieved payload was also encrypted using the Fernet module. Once decrypted, the payload 
revealed an extensive info-stealer designed to harvest sensitive information from the victim's machine. The malicious payload 
also employed a persistence mechanism to ensure it remained active on the compromised system even after the initial execution."