Malware Report
Title
Obfuscated PyPI Packages Purporting to be i18n Libraries Actually Stealing Telegram Data
Report Author
Phylum Research Team
Published At
1698728400000
Updated At
1698728400000
Description
Phylum discovered two packages published to PyPI on October 28 that claim to be libraries for simplifying internationalization. The files were highly obfuscated and upon further inspection were found to contain malicious code designed to steal sensitive Telegram Desktop application data and system information, which it then sends to an
Malware Packages (2)
The following malware packages were identified in this report.
Package Type | Name | Attack Strategy | Package Author | Versions | Description |
---|---|---|---|---|---|
PyPI Package | localization-utils | Phylum discovered two packages published to PyPI on October 28 that claim to be libraries for simplifying internationalization. The files were highly obfuscated and upon further inspection were found to contain malicious code designed to steal sensitive Telegram Desktop application data and system information, which it then sends to an | | | |
PyPI Package | locute | Phylum discovered two packages published to PyPI on October 28 that claim to be libraries for simplifying internationalization. The files were highly obfuscated and upon further inspection were found to contain malicious code designed to steal sensitive Telegram Desktop application data and system information, which it then sends to an | | | |