Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

Threat actors are increasingly using PyPI and other language-based repositories to distribute malware. It is therefore important to install packages in a secure manner, to prevent an accidental infection within an organization. Developers should verify every library imported into an application to make sure that there are no typos in library names. Threat actors rely on such typos at install time, so checking for them before installation can help prevent this kind of attack. Likewise, it is recommended to use virtualized environments and sandboxes when developing and testing an application, which can help keep an infection out of a production or otherwise network-connected environment. Finally, deploying and maintaining endpoint security controls, such as an EDR, on all devices is highly recommended to help detect and prevent infections such as these. In cases where prevention does not occur, custom detections can be created to help alert analysts to a potential infection. Binary Defense’s Managed Detection and Response service is an excellent asset to help assist with these types of custom detection needs.

https://thehackernews.com/2023/03/experts-identify-fully-featured-info.html