Two malicious Python libraries have been pulled from the Python Package Index (PyPI) after they were found to be stealing SSH and GPG keys from other developers. Both libraries were created by the same developer, username olgired2017, and were named to look like two well-known libraries: “python3-dateutil”, which mimicked “dateutil”, and “jeIlyfish”, in which the first lowercase “l” is replaced by an uppercase “I” so that it passes for “jellyfish”. Lukas Martini, a German software developer, discovered both malicious libraries on December 1st, 2019 and reported them to the PyPI team. When PyPI investigated, they found that python3-dateutil had been created just two days earlier, on November 29th, 2019, while the jeIlyfish library had existed for almost a year, since its creation on December 11th, 2018.
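The two names above show the two typosquatting patterns a dependency check has to catch: a homoglyph swap (uppercase “I” for lowercase “l”) that survives a glance, and a near-miss name (“python3-dateutil”) that is one edit away from the real package. The following is an added example, not code from the article or from Binary Defense, of how a project could flag such names in its own requirements before installing them. It assumes a constructed allowlist of known packages (it uses “python-dateutil”, the PyPI distribution name of dateutil), a small hand-picked confusable-character table, and constructed sample requirement lines; none of these come from the page.

```python
import re
import unicodedata

# Constructed sample allowlist of packages the project legitimately depends on.
# In practice this would be the project's own pinned, reviewed requirements.
KNOWN_PACKAGES = ["python-dateutil", "jellyfish", "requests"]

# Characters that render nearly identically in many fonts, folded to one
# canonical form. This table is an assumption for the example, not a standard.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name: str) -> str:
    """Normalize, but first fold confusable glyphs so 'jeIlyfish' collides with 'jellyfish'."""
    # Translate before lower-casing: the table maps uppercase 'I' to 'l'.
    folded = unicodedata.normalize("NFKC", name).translate(CONFUSABLES)
    return normalize(folded)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_name(name, known=KNOWN_PACKAGES, max_distance=1):
    """Return (reason, mimicked_package) if `name` looks like a known package, else None."""
    norm = normalize(name)
    if norm in {normalize(k) for k in known}:
        return None  # it is one of the known packages itself
    skel = skeleton(name)
    for k in known:  # homoglyph check: same skeleton, different real name
        if skeleton(k) == skel:
            return ("homoglyph", k)
    for k in known:  # near-miss check: within a small edit distance
        if edit_distance(norm, normalize(k)) <= max_distance:
            return ("near-miss", k)
    return None


# Leading project name of a requirements.txt line (version specifiers ignored).
REQUIREMENT_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def audit_requirements(lines):
    """Scan requirements.txt-style lines; return {name: (reason, target)} for suspects."""
    findings = {}
    for line in lines:
        if line.lstrip().startswith("#"):
            continue
        m = REQUIREMENT_RE.match(line)
        if not m:
            continue
        hit = check_name(m.group(1))
        if hit:
            findings[m.group(1)] = hit
    return findings


# Constructed sample requirements file, not a real project's.
SAMPLE_REQUIREMENTS = [
    "requests==2.22.0",
    "python3-dateutil==2.9.1",
    "jeIlyfish==0.7.1",
    "jellyfish==0.7.2",
]

if __name__ == "__main__":
    for name, (reason, target) in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name}: {reason} for {target}")
```

Run as a script it reports python3-dateutil as a near-miss for python-dateutil and jeIlyfish as a homoglyph of jellyfish, while the genuine requests and jellyfish entries pass. The skeleton comparison is what catches the “I”/“l” swap; a bare edit-distance check also sees it (distance 1), but the skeleton rule still fires when several glyphs are swapped at once, which edit distance with a tight threshold would miss.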
How does Binary Defense help protect your organization? With best-in-breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.