Cybersecurity researchers have identified 41 malicious "imposter packages" on the Python Package Index (PyPI) repository that use typosquatted names to pose as popular libraries.
The packages, which have names similar to legitimate modules, such as requests, urllib and urllib3, have descriptions that do not hint at their malicious intent. The packages are designed to exfiltrate sensitive data, such as passwords and tokens. The development is the latest attempt by cybercriminals to use open-source repositories to propagate malware to developer systems and mount supply chain attacks.
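
A dependency audit can catch this kind of near-miss name before installation. The following is an added example, not code from the researchers' report: it flags requirement names within a small edit distance of the libraries named above. The sample requirement lines and the distance threshold of 2 are constructed assumptions.

```python
import re

# Libraries the article names as impersonation targets; extend with your own dependencies.
PROTECTED = ("requests", "urllib", "urllib3")

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "eu" typed for "ue".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def suspicious_requirements(lines, protected=PROTECTED, max_distance=2):
    """Return (name, lookalike_of, distance) for names close to, but not equal to, a protected name."""
    known = {normalize(p) for p in protected}
    findings = []
    for line in lines:
        # Drop comments, then take the leading project name; option lines like "-r x" are skipped.
        match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line.split("#", 1)[0])
        if not match:
            continue
        name = normalize(match.group(1))
        if name in known:
            continue
        dist, target = min((osa_distance(name, k), k) for k in known)
        if dist <= max_distance:
            findings.append((name, target, dist))
    return findings

# Constructed sample requirements (misspellings invented here, not taken from the report).
SAMPLE = ["requests==2.31.0", "urllib3>=1.26  # pinned", "reqeusts==2.0.0",
          "urlib3", "numpy==1.26.4", "# comment only"]
```

Calling `suspicious_requirements(SAMPLE)` reports the two misspelled entries together with the library each one imitates; a hit is a prompt for manual review, not proof of malice.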
















