Shulou(Shulou.com)11/24 Report--

CTOnews.com reported on November 10 that there are some security risks in PyPI, a third-party library of Python. Many security companies have pointed out that there are quite a lot of malicious Trojans on the platform. CTOnews.com previously reported that the platform stopped registering in May this year because of a surge of malicious content and required users to log in using double authentication.

The security company Checkmarx recently announced a malicious Trojan horse called BlazeStealer in PyPI, which is said to be quite "bold".

CTOnews.com learned from the report that the Trojan does not hide its whereabouts after infecting the user's computer, but blatantly controls the user's computer screen to show a series of BSOD crash images, with ridicule messages such as "your computer is about to catch fire" and "your computer is about to die. Wish you come back soon."

▲ graphic source CheckmarxCheckmarx said that hackers released eight packages on the PyPI platform from January to October this year, which were used to spread BlazeStealer malicious Trojans. The victims spread all over the world, of which 69.2% were in the United States, followed by China, with 12.4%.

It is reported that the malicious suite with hidden Trojans contains two files, setup.py and init.py, which are used to retrieve and execute hackers' storage in Transfer [.] Sh Python code, once developers inadvertently install such malicious PyPI suite, the computer will be infected by BlazeStealer.

After being infected with BlazeStealer, in addition to "blatantly controlling the user's computer screen", the Trojan will also mine account passwords from browser records, execute remote commands, encrypt user files, disable antivirus software such as Microsoft Defender, take random screenshots of the user's desktop, and even control the camera of the device to record external scenes.

▲ source CheckmarxCheckmarx hints that when using the PyPI library, users should give priority to looking for packages that are authenticated, have a large number of users and have a high rating, so as to prevent them from being "hit" and hacked.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.