Tag: Dormant PyPI Package

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
News

Almost two years after going dormant, a package on the Python Package Index (PyPI) repository was updated to spread information-stealing malware named Nova Sentinel. Software supply chain security company Phylum claims that the package, django-log-tracker, was initially uploaded to PyPI in April 2022. On February 21, 2024, the company discovered an unusual modification to the library. Although there haven't been any updates to the linked GitHub repository since April 10, 2022, the appearance of a malicious update raises the possibility that the developer's PyPI account has been compromised. To date, django-log-tracker has been downloaded 3,866 times.