Developers Warned of Mac-Attached Malicious PyPI, NPM, and Ruby Packages


Share post:

According to software supply chain security company Phylum, threat actors have begun posting malicious packages to PyPI, NPM, and RubyGems repositories as part of a new campaign to steal user information.

Over the weekend, the first malicious packages with a focus on MacOS users were uploaded to the PyPI and NPM repositories. The PyPI package that Phylum first noticed was intended to gather data about the victim’s computer and exfiltrate it to a server under the control of the attacker. Additionally, the code would distribute later versions that contained more malicious payloads.

Similar in its behavior, the identified RubyGems package only targeted MacOS systems while gathering system information and transmitting it to a remote server.

Read More: Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs

TalkDev Bureau
TalkDev Bureau
The TalkDev Bureau has five well-trained writers and journalists, well versed in B2B enterprise technology industry, and constantly in touch with industry leaders for the latest trends, opinions, and other inputs- to bring you the best and latest in the domain.


Please enter your comment!
Please enter your name here


Related articles

Automat-IT and Anodot Partner to Maximize AWS Value

Automat-IT, a leading provider of DevOps and FinOps services, and Anodot, the augmented FinOps company, have announced a...

Corsight AI Integrates with Milestone System XProtect and Joins Milestone Technology Partner Finder

Corsight AI announced its integration with Milestone Systems XProtect video management software (VMS) on the Milestone Systems Technology...

Top 5 Software Development Methodologies

Over the decades, many software development methodologies have worked to enhance software projects. However, no single process suits...

Timeplus Open Sources its Influential Streaming Analytics Engine for Developers Worldwide

Timeplus announces licensing its core engine, Proton, as open source for developers globally. Timeplus has developed a unified streaming...