Beware: PyPI Package Hijack Installs NovaSentinel Stealer on Windows

  • A dormant Python Package Index (PyPI) package named Django-log-tracker was unexpectedly updated to deploy the NovaSentinel stealer malware
  • The malicious update stripped the package to its bare essentials, leaving only an __init__.py and example.py file, both containing identical, malicious code

Researchers at Phylum identified the attack after the dormant PyPI package Django-log-tracker received an unexpected new release that deploys the NovaSentinel stealer. The malware was hidden inside the package itself and is capable of exfiltrating sensitive information from infected Windows systems. The case is a reminder that a package's long, uneventful history says nothing about the safety of its next release, and that developers and organizations need controls on what a dependency update is allowed to change. Phylum's prompt detection and reporting led to the removal of the compromised package from PyPI, preventing further downloads and infections.
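The shape of this hijack (a long-dormant package, a release whose file set collapses to two files, both with identical contents, and a changed `__init__.py` that runs on import) suggests a cheap heuristic a dependency reviewer can run over two releases before upgrading. The code below is an added example, not Phylum's tooling and not anything from the Django-log-tracker package; the release manifests, dates, file paths and file contents are constructed placeholders, and the dormancy and shrink thresholds are assumptions.

```python
"""Heuristic check for a 'stripped and hijacked' release.

Added example. The Release objects at the bottom are constructed sample data
modelled on the pattern described in the article, not real package contents.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date


@dataclass
class Release:
    version: str
    released: date
    files: dict[str, bytes]  # path inside the distribution -> file contents


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def flag_release(prev: Release, new: Release,
                 dormant_days: int = 365,      # assumed threshold
                 shrink_ratio: float = 0.5) -> list[str]:
    """Compare a new release against the previous one and return findings.

    An empty list means none of the heuristics fired. Each finding is a
    human-readable string so the caller can print or log it directly.
    """
    findings: list[str] = []

    # 1. Long gap before the new release: a dormant package waking up.
    gap = (new.released - prev.released).days
    if gap >= dormant_days:
        findings.append(f"dormant for {gap} days before {new.version}")

    # 2. The file set shrank sharply: most of the real code was removed.
    if len(new.files) < len(prev.files) * shrink_ratio:
        removed = sorted(set(prev.files) - set(new.files))
        findings.append(
            f"file count dropped {len(prev.files)} -> {len(new.files)}; "
            f"removed: {', '.join(removed)}")

    # 3. Two or more files with byte-identical contents (same payload copied).
    by_digest: dict[str, list[str]] = {}
    for path, data in new.files.items():
        by_digest.setdefault(_sha256(data), []).append(path)
    for paths in by_digest.values():
        if len(paths) > 1:
            findings.append(f"identical contents in {', '.join(sorted(paths))}")

    # 4. __init__.py changed: that code executes on `import`, so it is the
    #    natural place for a payload and deserves a manual read.
    for path, data in new.files.items():
        if path.endswith("__init__.py") and prev.files.get(path) != data:
            findings.append(f"{path} changed (executes on import)")

    return findings


# Constructed sample manifests (placeholder contents, not the real package).
PREV = Release("1.0", date(2022, 1, 15), {
    "setup.py": b"from setuptools import setup\nsetup(name='sample')\n",
    "django_log_tracker/__init__.py": b"default_app_config = 'sample'\n",
    "django_log_tracker/middleware.py": b"class LogMiddleware: pass\n",
    "django_log_tracker/models.py": b"class LogEntry: pass\n",
    "django_log_tracker/utils.py": b"def fmt(x): return str(x)\n",
})
PAYLOAD = b"# placeholder standing in for the malicious code\n"
NEW = Release("1.1", date(2024, 1, 15), {
    "django_log_tracker/__init__.py": PAYLOAD,
    "django_log_tracker/example.py": PAYLOAD,
})

if __name__ == "__main__":
    for finding in flag_release(PREV, NEW):
        print("WARN:", finding)
```

Run stand-alone it prints four warnings for the constructed pair: the two-year gap, the drop from five files to two, the identical `__init__.py` and `example.py`, and the changed `__init__.py`. Any one of these alone is common in legitimate projects; it is the combination that matches the hijack pattern, so treat the output as a prompt to read the diff, not as a verdict.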

