Last scraped
Scraped on 11/04/2025, 17:16:09 UTC
It's nothing new; using library programming distribution is a common way to spread malware.

Unfortunately this is true, and we can do nothing to cut off this way.


Although it's weird that a malicious package called "disgrasya" was downloaded over 37K times when searching "disgrasya" on Google leads to a dictionary/language website rather than a programming website.

This is likely due to PyPI's prompt action in immediately removing the 'disgrasya' package from the repository after it was identified as malicious. Nothing to index for Google's bots over there.



P.S. I don't think this thread belongs on "Beginners & Help", since average people don't need to install Python packages manually.

Agreed, and moved it here.
Original archived Re: Malicious packages in PyPI module.
Scraped on 11/04/2025, 17:10:55 UTC