PyPI Users Targeted With PoweRAT Malware


Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer.

The campaign was first detected on December 22, 2022, when a malicious package named PyroLogin was identified as Python malware designed to fetch code from a remote server and execute it silently.

Between December 28 and 31, Phylum’s security researchers observed five additional packages containing code similar to PyroLogin being published to PyPI: EasyTimeStamp, Discorder, Discord-dev,, and PythonStyles.

Read more…