[Git][reproducible-builds/reproducible-website][master] 2021-07: Add another source for the PyPI issue.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Thu Aug 5 08:44:02 UTC 2021



Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
4cb7e2c7 by Chris Lamb at 2021-08-05T09:43:26+01:00
2021-07: Add another source for the PyPI issue.

- - - - -


1 changed file:

- _reports/2021-07.md


Changes:

=====================================
_reports/2021-07.md
=====================================
@@ -22,7 +22,7 @@ On Friday 27th August, Duc Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate
 
 [![]({{ "/images/reports/2021-07/arstechnica.jpg#right" | relative_url }})](https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/)
 
-Last month, we linked to [Ars Technica](https://arstechnica.com/)'s report that 'counterfeit' packages on [PyPI](https://pypi.org/), the official Python package repository, [contained secret code that installed cryptomining software on infected machines](https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/). This month, however, Dan Goodin reported on another PyPI malware issue: in [**Software downloaded 30,000 times from PyPI ransacked developers' machines**](https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/), Dan writes about a number of malicious payloads (such as [Discord](https://discord.com/) token and credit card 'stealers') that appear to have targeted programmers' computers.
+Last month, we linked to [Ars Technica](https://arstechnica.com/)'s report that 'counterfeit' packages on [PyPI](https://pypi.org/), the official Python package repository, [contained secret code that installed cryptomining software on infected machines](https://arstechnica.com/gadgets/2021/06/counterfeit-pypi-packages-with-5000-downloads-installed-cryptominers/). This month, however, Dan Goodin reported on another PyPI malware issue: in [**Software downloaded 30,000 times from PyPI ransacked developers' machines**](https://arstechnica.com/gadgets/2021/07/malicious-pypi-packages-caught-stealing-developer-data-and-injecting-code/), Dan writes about a number of malicious payloads (such as [Discord](https://discord.com/) token and credit card 'stealers') that appear to have targeted programmers' computers. ([Another source](https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/).)
 
 <br>
 
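Review bot: the link text "Another source" in the parenthetical added at the end of the `+` line does not tell the reader who published it. The URL points to jfrog.com, so naming the publisher in the link text, for example "[JFrog's write-up]" in place of "[Another source]", would let readers weigh the source without following the link and would match how the paragraph already attributes the Ars Technica pieces by name.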



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/4cb7e2c79d962c5e153828b9a6ae1db88469bf7d
