Closed lutoma closed 4 years ago
Good find. The Gitlab user https://gitlab.com/olgired2017 was already reported and the malicious server http://68.183.212.246:32258 seems to be down.
The python security team just responded and they've removed the malicious packages, so unless there is some other action you want to take this can be closed I suppose.
😬 thanks for reporting this 👍
Just a quick heads-up: There is a fake version of this package called `jeIlyfish` (that first L is an I) on PyPI that contains malicious code starting at line 313 in jeIlyfish/_jellyfish.py:

which deobfuscates to
I've sent an email to the Python security team and hope they'll take the package (as well as the other ones by the user) down soon, but in the meantime it might be a good idea to check if you have the correct version installed.
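One way to act on the "check if you have the correct version installed" advice is to scan the local environment for distributions whose names collapse to the same skeleton as a trusted name once confusable characters (I/l/1, O/0) are folded together. This is an added example, not code from the jellyfish project or from this thread; the confusable table and the trusted-name list are assumptions of the example.

```python
"""Flag installed distributions whose names are look-alikes of trusted names."""
import re
from importlib import metadata

# Characters commonly confused with each other in package names. Each class
# maps to its first member so look-alikes share one skeleton. This table is
# an assumption for the example, not an official list.
CONFUSABLES = {
    "l": "l", "i": "l", "1": "l", "|": "l",
    "o": "o", "0": "o",
    "s": "s", "5": "s",
}


def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name: str) -> str:
    """Fold confusables so 'jeIlyfish' and 'jellyfish' compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in normalize(name))


def find_lookalikes(installed, trusted):
    """Return (installed_name, trusted_name) pairs where the installed name
    differs from a trusted name but has the same confusable skeleton."""
    trusted_by_skel = {skeleton(t): normalize(t) for t in trusted}
    hits = []
    for name in installed:
        twin = trusted_by_skel.get(skeleton(name))
        if twin is not None and normalize(name) != twin:
            hits.append((name, twin))
    return hits


def scan_environment(trusted):
    """Scan the running interpreter's installed distributions."""
    names = [d.metadata["Name"] for d in metadata.distributions()]
    return find_lookalikes(names, trusted)


if __name__ == "__main__":
    for bad, good in scan_environment(["jellyfish"]):
        print(f"suspicious: {bad!r} looks like {good!r}")
```

Extend the trusted list with the packages your project actually depends on; an exact-name match is never reported, only names that are one confusable substitution away from a trusted one.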