Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Malicious PyPI Package Targets Apple macOS: 59 Downloads, Google Cloud Credentials at Risk!
“Cybersecurity researchers found a malicious PyPI package targeting macOS to steal Google Cloud credentials. Named ‘lr-utils-lib,’ it was downloaded 59 times before being removed. The malware verifies the macOS system and checks its UUID against a list of hashes before stealing data. This highlights the…
Hot Take:
So, the cyber baddies are targeting macOS users through a Python package, huh? Looks like even your ‘friendly’ code library could be planning a heist. Looks like it’s time to start treating code repositories like dodgy Craigslist listings!
Key Points:
- Malicious Python package “lr-utils-lib” found on PyPI targeting macOS users.
- Package aimed to steal Google Cloud credentials using predefined hashes.
- 59 downloads before takedown; uploaded in June 2024.
- Checkmarx uncovered a fake LinkedIn profile linked to the malware author.
- Part of an ongoing trend of targeted supply chain attacks on macOS.
Already a member? Log in here