In a recent report, the popular open software repository Pypi (Python Package Index) has fallen victim to a series of large-scale cyber attacks. These attacks involved the use of automated tools to download numerous malicious packages onto the platform.
Once installed on users’ devices, these malicious packages deployed a code designed to target cryptocurrency wallets, steal confidential data from browsers, compromise accounts, and access other valuable information.
The attackers utilized a method known as typosquatting, which involves creating packages with names closely resembling those of well-known libraries in software control systems such as NPM for Node.js and Pypi for Python. This tactic aims to trick developers into accidentally installing malicious packages instead of legitimate ones.