ReversingLabs researchers found a number of malicious libraries in the Python Package Index (PyPI) repository.
Most of the files discovered were malicious packages masquerading as HTTP libraries, according to an advisory released Wednesday by Lucija Valentic, a software threat researcher at ReversingLabs.
“The descriptions of these packages are mostly not malicious,” explains Valentic. “Some are masquerading as real libraries, and complement their features with those of known legitimate HTTP libraries.”
Specifically, ReversingLabs found 41 malicious PyPI packages, which its researchers categorized into two types.
The first type was a downloader used to deliver second-stage malware to compromised systems; the second was an information stealer.
“It’s not uncommon for malicious actors to call out the acronym ‘HTTP’ when naming malicious packages,” Valentic said.
She explained that developers routinely use HTTP libraries to communicate with the APIs their third-party modules depend on.
“This background makes HTTP libraries of great interest to malicious actors and researchers tracking malicious campaigns online,” wrote the security researcher.
Valentic says there are many similarities between the malicious packages ReversingLabs has detected.
“The packages contain only a few files and have little identifying information compared to legitimate software modules,” she wrote in the advisory.
“The functions and purposes contained in these packages are fictitious. The real purpose of these packages is malicious and unexplained.”
A list of these malicious packages and detailed descriptions of some of them are available from ReversingLabs.
Recommendation
“Typosquatting attacks against platforms such as PyPI, npm, RubyGems, and GitHub are common,” warns Valentic.
“Developers should frequently conduct security assessments of third-party libraries and other dependencies in their code.”
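One concrete form such an assessment can take is a typosquat check on a project's own dependency manifest: compare every requested package name against the well-known HTTP libraries these packages imitate and flag near-misses for manual review. The script below is an added illustration, not code from ReversingLabs or from the report; the list of legitimate library names, the edit-distance threshold and the sample requirements file are all constructed for this example.

```python
"""Heuristic typosquat check for a requirements.txt (added illustration).

Assumptions, not taken from the ReversingLabs report: the list of known HTTP
libraries, the edit-distance threshold, and the sample manifest below are
constructed for this example.
"""
import re

# Well-known HTTP libraries on PyPI that a typosquatter might imitate (constructed list).
KNOWN_HTTP_LIBS = ["requests", "urllib3", "httpx", "aiohttp", "httplib2"]

# Assumed threshold: a name within this many edits of a known name, but not equal, is suspicious.
MAX_DISTANCE = 2

# Constructed sample manifest; 'urlib3' and 'aiohtpp' are deliberate near-misses.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real manifest
requests==2.31.0
urlib3>=1.26       # one letter dropped
aiohtpp
httpx
pyyaml
"""


def normalize(name: str) -> str:
    """Apply PEP 503 name normalization so 'Requests_Toolbelt' and 'requests-toolbelt' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b)) with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list[str]:
    """Extract bare project names from requirements.txt lines, ignoring comments and pip options."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


def find_suspects(names, known=KNOWN_HTTP_LIBS, max_distance=MAX_DISTANCE):
    """Return (requested_name, closest_known_name, distance) for each near-miss name.

    Exact (normalized) matches are treated as legitimate; anything else that sits
    within max_distance edits of a well-known library is flagged for manual review.
    """
    suspects = []
    known_norm = {normalize(k): k for k in known}
    for name in names:
        n = normalize(name)
        if n in known_norm:
            continue
        best = min(known_norm, key=lambda k: levenshtein(n, k))
        d = levenshtein(n, best)
        if d <= max_distance:
            suspects.append((name, known_norm[best], d))
    return suspects


if __name__ == "__main__":
    for requested, closest, dist in find_suspects(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"SUSPECT: {requested!r} is {dist} edit(s) from {closest!r}; verify before installing")
```

Point the parser at a real manifest and extend the known-name list with whatever your organization actually depends on; an edit-distance hit is a prompt to open the package page and check its file count, maintainer and release history, which is exactly the sparse metadata pattern the report describes, not a verdict on its own.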
This report comes a few days after JavaScript developer Jesse Mitchell discovered that an attacker had uploaded over 15,000 spam packages to the open source npm repository.