The Python security team removed two malicious Python libraries that were caught stealing SSH and GPG keys from the projects.
Two trojanized Python libraries removed from PyPI (Python Package Index) by the Python security team. The malicious clones were discovered by German software developer Lukas Martini. The libraries were created by the same developer and they were mimicking the other popular libraries. This technique is called typosquatting.
The first malicious library is called “python3-dateutil” that was imitated the “dateutil” library. It was created and uploaded on PyPI two days before the discovery. Other one is called “jeIlfish” (first L is an I) and it was mimicking the “jellyfish” library. The “JeIlyfish” library was available for almost a year, since December 11, 2018. The “python3-dateutil” library didn’t contain any malicious code of its own but it was importing the “JeIlyfish” library.
The malicious libraries were created by the developer who used the username of olgired2017 on GitLab account. Except the malicious codes, typosquatted packages were exact copies of original libraries that could have worked as the originals. If you used any of these libraries it would be safe to check your codes and remove the malicious ones.
Stay tuned for up-to-date Cyber Security News