List of all reported malicious & typosquatting packages in PyPI found using OSINT
- https://blog.sonatype.com/can-you-spot-this-cryptic-reverse-shell-found-in-pypi-packages
- https://blog.sonatype.com/careful-out-there-open-source-attacks-continue-to-be-on-the-uptick
- https://blog.sonatype.com/trojanized-pypi-package-imitates-a-popular-python-server-library
- https://securityboulevard.com/2022/02/malicious-roblox-cookie-and-discord-token-stealers-hit-pypi-repository/
- https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e4
- https://bertusk.medium.com/malicious-pypi-packages-found-exfiltrating-data-and-opening-reverse-shells-87d4afb5d99e
- https://thehackernews.com/2021/11/11-malicious-pypi-python-libraries.html
- https://blog.sonatype.com/another-day-of-malware-malicious-botaa3-pypi-package
- https://www.bleepingcomputer.com/news/security/pypi-removes-mitmproxy2-over-code-execution-concerns/
- https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html
- https://www.bleepingcomputer.com/news/security/pypi-packages-caught-stealing-credit-card-numbers-discord-tokens/
- https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-hijack-dev-devices-to-mine-cryptocurrency/
- https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/
- https://www.zdnet.com/article/malicious-python-libraries-targeting-linux-servers-removed-from-pypi/
- https://github.com/rsc-dev/pypi_malware
- https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/
- https://www.bleepingcomputer.com/news/security/backdoored-python-library-caught-stealing-ssh-credentials/
- https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/