A new crop of malicious modules found on PyPI
Phylum has posted an article with a detailed look at a set of malicious packages discovered by an automated system they have developed.
Similar to this attacker's previous attempts, this particular attack starts by copying existing popular libraries and simply injecting a malicious __import__ statement into an otherwise healthy codebase. The benefit this attacker gained from copying an existing legitimate package is that, because the PyPI landing page for the package is generated from the setup.py and the README.md, they immediately have a real-looking landing page with mostly working links and the whole bit. Unless thoroughly inspected, a brief glance might lead one to believe this is also a legitimate package.
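The tampering pattern described above (a legitimate codebase with one injected `__import__` call) is easy to spot with an AST diff against the upstream release. The scanner below is an added example, not Phylum's tooling or code from the article; the two module sources it compares are constructed inline, and the injected line is a harmless placeholder.

```python
import ast

# Calls that almost never belong at the top of a library module and that
# typosquatted copies tend to gain relative to the package they imitate.
SUSPICIOUS_CALLS = {"__import__", "exec", "eval", "compile"}


def _call_name(node):
    """Bare name of the callable in an ast.Call, e.g. '__import__' or 'exec'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr  # handles __import__("builtins").exec(...)
    return None


def find_dynamic_imports(source, filename="<string>"):
    """Return (lineno, call_name, source_line) for every suspicious call."""
    tree = ast.parse(source, filename)
    lines = source.splitlines()
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, name, lines[node.lineno - 1].strip()))
    return findings


def diff_against_upstream(upstream_src, suspect_src):
    """Suspicious calls in the suspect copy that the genuine upstream lacks."""
    known = {(name, line) for _, name, line in find_dynamic_imports(upstream_src)}
    return [f for f in find_dynamic_imports(suspect_src) if (f[1], f[2]) not in known]


# Constructed sample: the genuine module and a copy with one injected line.
LEGIT = """import requests

def fetch(url):
    return requests.get(url).text
"""

TAMPERED = """import requests
__import__("builtins").exec("pass")  # constructed placeholder for the injected payload

def fetch(url):
    return requests.get(url).text
"""

if __name__ == "__main__":
    for lineno, name, line in diff_against_upstream(LEGIT, TAMPERED):
        print(f"line {lineno}: {name}() -> {line}")
```

In practice you would run the diff over the unpacked sdist of the suspect package against the matching upstream version from PyPI; the upstream baseline keeps legitimate uses of these builtins from showing up as findings.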