The threat of software supply chain attacks has taken center stage in 2022. And threats posed by open source repositories specifically have been made more clear in the newer software supply chain attacks that are unfolding.
The Python Package Index (PyPI), a popular open source repository, has recently been abused by malicious actors to carry out these kinds of attacks. This past August, ReversingLabs researchers discovered several malicious software packages on PyPI, with some delivering the Parallax RAT malware as a final payload.
This deminar features ReversingLabs researchers who helped make these PyPI discoveries. In their presentation, researchers Robert Perica and Karlo Zanki explained:
• How they discovered this malicious PyPI campaign
• The attack’s impact
• The state of software supply chain attacks at-large
• How to detect risks from open source repository use