Malicious Python Package Available in PyPI Repo for a YearTwo malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects.
One of them, using typosquatting to impersonate a legitimate library, resisted for about a year in the repository. The other survived for just a couple of days.
PyPI is a collection of software created and shared by the Python community to help developers in their projects.
Undetected for a...