A new crop of malicious modules found on PyPI

Post Syndicated from original https://lwn.net/Articles/913555/

Phylum has posted an article with a detailed look at a set of malicious packages discovered by an automated system they have developed.

Similar to this attacker’s previous attempts, this particular
attack starts by copying existing popular libraries and simply
injecting a malicious __import__ statement into an otherwise
healthy codebase. The benefit this attacker gained from copying an
existing legitimate package is that because the PyPI landing page
for the package is generated from the setup.py and the README.md,
they immediately have a real-looking landing page with mostly
working links and the whole bit. Unless thoroughly inspected, a
brief glance might lead one to believe this is also a legitimate
package.
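The technique quoted above (copy a legitimate package, inject one dynamic-import statement) suggests a simple defensive triage: diff the published sdist against the upstream source it imitates, then flag only the new lines that perform a run-time import or code execution. The script below is an added example written for this page, not Phylum's detection system nor anything from the packages in the article; the two module sources and the name placeholder_module are constructed for illustration, and the code only parses them, never executes them.

```python
"""Triage a PyPI package that may be a copy of a legitimate one with an
injected dynamic-import statement (added example; not Phylum's tooling)."""
import ast
import difflib
from dataclasses import dataclass

# Built-in names that import or execute code chosen at run time.
DYNAMIC_CALLS = {"__import__", "exec", "eval", "compile"}
# (module, attribute) pairs with the same effect.
DYNAMIC_ATTRS = {("importlib", "import_module")}


@dataclass(frozen=True)
class Finding:
    lineno: int
    reason: str


def scan_dynamic_imports(source: str) -> list[Finding]:
    """Flag calls that import or execute code named at run time.

    Walks the AST rather than grepping so that comments and string
    literals mentioning __import__ do not produce false positives."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in DYNAMIC_CALLS:
            findings.append(Finding(node.lineno, f"call to {func.id}()"))
        elif (isinstance(func, ast.Attribute)
              and isinstance(func.value, ast.Name)
              and (func.value.id, func.attr) in DYNAMIC_ATTRS):
            findings.append(
                Finding(node.lineno, f"call to {func.value.id}.{func.attr}()"))
    return sorted(findings, key=lambda f: f.lineno)


def lines_added_vs_upstream(upstream: str, published: str) -> list[tuple[int, str]]:
    """Return (line number in published, text) for lines absent from upstream.

    A copied package matches upstream almost everywhere, so the injected
    statement is what remains after the diff."""
    pub_lines = published.splitlines()
    matcher = difflib.SequenceMatcher(None, upstream.splitlines(), pub_lines)
    added = []
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            added.extend((j + 1, pub_lines[j]) for j in range(j1, j2))
    return added


def triage(upstream: str, published: str) -> list[Finding]:
    """Findings that are both dynamic-import calls and new relative to upstream."""
    new_linenos = {n for n, _ in lines_added_vs_upstream(upstream, published)}
    return [f for f in scan_dynamic_imports(published) if f.lineno in new_linenos]


# Constructed sample: a tiny "upstream" module and a copy with one injected line.
UPSTREAM_SRC = '''\
"""Utility helpers."""
import json

def load(path):
    with open(path) as fh:
        return json.load(fh)
'''

PUBLISHED_SRC = '''\
"""Utility helpers."""
import json
__import__("placeholder_module").run()  # constructed injected statement

def load(path):
    with open(path) as fh:
        return json.load(fh)
'''

if __name__ == "__main__":
    for finding in triage(UPSTREAM_SRC, PUBLISHED_SRC):
        print(f"line {finding.lineno}: {finding.reason}")
```

In practice `UPSTREAM_SRC` would be the file from the genuine project's release and `PUBLISHED_SRC` the same file from the suspect sdist; running the diff first keeps the reviewer's attention on what the copier changed rather than on every dynamic call the legitimate code may already contain.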