More typo-squatting Malware Found on PyPI

Malware was recently discovered on the Python Packaging Index that targets Windows users. The package was called colourama and if it had been installed, would end up installing malware on your PC. It is basically hoping that you will misspell the popular colorama pacakge.

You can read more about the malware on Medium where it describes the malware as being a “Cryptocurrency Clipboard Hijacker”.

I actually wrote about this issue last year too when the Slovak National Security Office identified several malicious libraries on the Python Packaging Index.

I noticed this week that the Python Software Foundation is looking at adding security to PyPI in 2019 which they announced on their blog, although right now it does not appear to say what kind of security will be added.

Print Friendly, PDF & Email