Python developers have been warned of a malicious package named “noblesse” uploaded to the PyPI repository. The package is believed to contain a backdoor that could allow attackers to execute arbitrary code on affected systems. The malicious package was uploaded by a user named “carlospolop” who has been identified as a threat actor associated with multiple cyber-attacks. The “noblesse” package has since been removed from the repository, and PyPI has suspended the user’s account.
Developers who installed the package have been advised to review their systems for any suspicious activities and change their passwords. Python developers have been reminded to exercise caution when installing third-party packages and to verify the authenticity of the source.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.