19 votes

Cybercriminals pose as "helpful" Stack Overflow users to push malware

2 comments

  1. pyeri

    Another reason why you shouldn't even copy-paste blindly from Stack Overflow answers, let alone install packages those answers recommend. Always have multiple filters in place like:

    1. What the posted code does (obviously).
    2. Said author's reputation on Stack Overflow.
    3. Said package reputation.
    4. Said package developer/maintainer reputation.

    Unfortunately, software development has become far too complex for us to start reinventing everything from scratch. Layers upon layers of libraries, frameworks, tooling, etc. have become de facto standards over the last decade and the cruft is likely to only increase in the future, not decline. This means it is easier for bad actors to carry out these threats and more difficult for folks to keep up with these filters and avoid those threats.

    9 votes
  2. riQQ

    Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPI package that installs Windows information-stealing malware.

    Sonatype researcher Ax Sharma (and a writer at BleepingComputer) discovered this new PyPI package is part of a previously known 'Cool package' campaign, named after a string in the package's metadata, that targeted Windows users last year.

    This PyPI package is named 'pytoileur' and was uploaded by threat actors to the PyPI repository over the weekend, claiming it was an API management tool. Notice how the package has the "Cool package" string in the Summary metadata field, indicating it is part of this ongoing campaign.

    7 votes
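The filters pyeri lists (what the code does, who published it, how established the package is) and the "Cool package" Summary marker riQQ quotes can be turned into a cheap pre-install check against the JSON that PyPI serves at https://pypi.org/pypi/&lt;project&gt;/json. The script below is an added example, not code from this thread, from Sonatype or from BleepingComputer. Both metadata records in it are constructed to resemble that endpoint's response shape; neither is the real pytoileur record or any real project's data, and the age and release-count thresholds are assumptions chosen here, not values from the page.

```python
"""Pre-install vetting of a PyPI project's metadata.

Added example (not from the page, Sonatype or BleepingComputer). Works on the
dict shape of https://pypi.org/pypi/<project>/json: info.summary, info.home_page,
info.project_urls, and releases.<version> -> list of files with "packagetype"
and "upload_time_iso_8601". The two records at the bottom are CONSTRUCTED.
"""
from datetime import datetime, timezone

# Summary-field marker the page attributes to the "Cool package" campaign.
CAMPAIGN_SUMMARY_MARKERS = {"cool package"}

# Assumed thresholds (our choice, not from the page).
MIN_AGE_DAYS = 30   # a project younger than this gets a "review" flag
MIN_RELEASES = 3    # one-off uploads are typical of throwaway malware

# Constructed clock so the example is deterministic offline.
FIXED_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _ts(s):
    """Parse PyPI's ISO-8601 upload time, e.g. '2024-05-30T09:12:44.000000Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def vet_package(meta, now=FIXED_NOW):
    """Return a list of (severity, reason) findings for one PyPI JSON record."""
    info = meta.get("info") or {}
    findings = []

    summary = (info.get("summary") or "").strip().lower()
    if summary in CAMPAIGN_SUMMARY_MARKERS:
        findings.append(("high", f"summary {info.get('summary')!r} is a known campaign marker"))

    releases = meta.get("releases") or {}
    files = [f for rel in releases.values() for f in rel]
    if not files:
        findings.append(("high", "no release files"))
        return findings

    first_upload = min(_ts(f["upload_time_iso_8601"]) for f in files)
    age_days = (now - first_upload).days
    if age_days < MIN_AGE_DAYS:
        findings.append(("medium", f"first upload only {age_days} day(s) ago"))

    if len(releases) < MIN_RELEASES:
        findings.append(("low", f"only {len(releases)} release(s)"))

    # A wheel is just unpacked; an sdist runs setup.py during `pip install`,
    # so an sdist-only project gets code execution the moment it is installed.
    kinds = {f["packagetype"] for f in files}
    if "sdist" in kinds and "bdist_wheel" not in kinds:
        findings.append(("medium", "sdist only: setup.py executes during pip install"))

    if not info.get("home_page") and not (info.get("project_urls") or {}):
        findings.append(("low", "no homepage/repo URL to check the maintainer against"))

    return findings


def verdict(meta, now=FIXED_NOW):
    """'block' on any high finding, 'review' on any medium, else 'ok'."""
    severities = {sev for sev, _ in vet_package(meta, now)}
    if "high" in severities:
        return "block"
    if "medium" in severities:
        return "review"
    return "ok"


# Constructed record shaped like the campaign the page describes:
# campaign marker in Summary, days old, single sdist-only release, no URLs.
SUSPICIOUS_META = {
    "info": {"name": "example-apitool", "summary": "Cool package",
             "home_page": None, "project_urls": None},
    "releases": {
        "1.0.0": [{"filename": "example-apitool-1.0.0.tar.gz", "packagetype": "sdist",
                   "upload_time_iso_8601": "2024-05-30T09:12:44.000000Z"}],
    },
}

# Constructed record for a mature project that ships wheels and has a homepage.
BENIGN_META = {
    "info": {"name": "example-httpclient", "summary": "HTTP client library",
             "home_page": "https://example.org/httpclient",
             "project_urls": {"Source": "https://example.org/httpclient/src"}},
    "releases": {
        "1.0.0": [{"filename": "example_httpclient-1.0.0-py3-none-any.whl", "packagetype": "bdist_wheel",
                   "upload_time_iso_8601": "2021-03-01T00:00:00.000000Z"}],
        "1.1.0": [{"filename": "example_httpclient-1.1.0-py3-none-any.whl", "packagetype": "bdist_wheel",
                   "upload_time_iso_8601": "2022-03-01T00:00:00.000000Z"}],
        "1.2.0": [{"filename": "example_httpclient-1.2.0-py3-none-any.whl", "packagetype": "bdist_wheel",
                   "upload_time_iso_8601": "2023-03-01T00:00:00.000000Z"}],
    },
}

if __name__ == "__main__":
    for meta in (SUSPICIOUS_META, BENIGN_META):
        print(meta["info"]["name"], "->", verdict(meta))
        for sev, why in vet_package(meta):
            print("   ", sev, why)
```

In practice you would fetch the JSON record for the name a Stack Overflow answer tells you to `pip install` and run it through `vet_package` before installing. Treat the findings as triage signals, not proof: the Summary string is a free-text field the attacker can change tomorrow, and a young sdist-only project is often just a new hobby package. The sdist-only flag is the one worth keeping regardless of campaign, because it is the difference between unpacking files and running someone else's setup.py with your user's privileges.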