Security company: hackers are attacking Aliyun and Amazon AWS users through "copycat" software packages 04/04 Update SLTechnology News&Howtos

Security company: hackers are attacking Aliyun and Amazon AWS users through "copycat" software packages

2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Shulou(Shulou.com)11/24 Report--

CTOnews.com, October 23 (Xinhua)-- Security company Checkmarx found that hackers have launched a new wave of PyPI "copycat" malicious software package attacks, mainly targeting users using Aliyun and Amazon AWS.

Since September this year, security companies have detected hackers "poisoning" PyPI's official warehouse and uploading a series of malicious software packages. The malicious code in these packages will not automatically start after the user installs the package, unless the user calls a specific function when using the package.

CheckmarxCheckmarx, the source of ▲ graphics, believes that because many security analysis software only scans for malicious code that runs automatically, it is difficult to find such packages that "can only start malicious code through specific functions".

CTOnews.com learned from the report that, for example, a malicious software package called Telethon2 in PyPI's official warehouse is actually a "fake" version of "authentic" Telethon, which has been downloaded more than 6900 times.

▲ Picture Source Checkmarx Security found that in this malicious software package called "Telethon2", the hacker did not cause the malicious code to start after installation, but by embedding two lines of instructions in telethon / client / messages.py so that the user would start the malicious code when sending the "message".

In order to entice developers to be fooled, hackers not only use the means of imitating domain names (Typosquatting), but also make these "fake" software packages look "quite popular".

As developers often refer to the statistics of GitHub in the process of selecting software packages, attackers deliberately link the "fake packages" in PyPI to irrelevant projects on GitHub, causing developers to mistakenly think that relevant software packages are welcomed by the outside world, thus reducing their guard.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.