osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Developers are advised to purge these malicious packages


```
The Python security team removed two trojanized Python libraries from
PyPI (Python Package Index) that were caught stealing SSH and GPG keys
from the projects of infected developers.

The first is "python3-dateutil," which imitated the popular "dateutil"
library. The second is "jeIlyfish" (the first L is an I), which mimicked
the "jellyfish" library.
```

https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

Regards,
-- 
Pankaj Jangid