Code packages as a gateway

B2B Cyber ​​Security ShortNews

Share post

Security researchers highlight another scam that has become popular among hackers over the past few years. Infected code packages with malicious command lines serve as shock troops.

Check Point Software's research department warns all IT security personnel about fraudulent code packages. This scam can be counted among the supply chain attacks and value chain attacks, which have increased significantly. Cyber ​​criminals try to penetrate the systems of entrepreneurs and private individuals in various ways, and code packages are the new vehicle of hackers.


Code packages as vehicles

Over the last few years, criminals have increasingly misused them for their purposes: either smuggling malicious command lines into genuine code packages distributed via online repositories and package managers, or simply releasing malicious code packages themselves that look legitimate . Above all, this brings the actually trustworthy third-party providers of such repositories into disrepute and has an impact on the often widespread IT ecosystems of open source. Especially Node.js (NPM) and Python (PyPi) are targeted.

Example 1

On August 8th, the infected code package Python-drgn was uploaded to PyPi, abusing the name of the real package drgn. Those who download and use it allow the hackers behind them to collect users' private information to sell it, impersonate them, take over user accounts and collect information about victims' employers. These are sent to a private Slack channel. The dangerous thing is that it only includes a file, which is used in the Python language for installations only and automatically fetches Python packages without user interaction. This alone makes the file suspicious since all other usual source files are missing. The malicious part therefore hides in this setup file.


Example 2

The infected code package bloxflip was also offered on PyPi, which abuses the name of This first disables Windows Defender to avoid detection. After that, it downloads an executable file (.exe) using Python's Get function. A sub-process is then started and the file is executed in the sensitive, because privileged, developer environment of the system.

The year 2022 shows how important the warning of security researchers against this method is: The number of malicious code packages increased by 2021 percent compared to 633.

More at


About check point

Check Point Software Technologies GmbH ( is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.


Matching articles on the topic

SAP patches close serious security gaps

On its patch day, SAP published a list of 19 new security gaps and related updates. This is also necessary, because ➡ Read more

Top malware in Q1-2023: Qbot, Formbook, Emotet

Check Point's Spring 2023 Global Threat Index shows that malware Qbot, Formbook, and Emotet am ➡ Read more

Lazarus: New backdoor against targets in Europe 

The APT group Lazarus, known for many attacks, is also using a new backdoor malware against targets in Europe. The purposes ➡ Read more

Mobile Security Report: 2 new malware apps every minute 

Android smartphone owners are at high cyber risk. Mobile Security: Although the attacks are fewer, they are much better executed. ➡ Read more

Critical vulnerabilities in Lexmark printers

The manufacturer of corporate printers Lexmark has once again warned its users of critical vulnerabilities. In dozens of his models are in the ➡ Read more

ALPHV claims to have hacked camera manufacturer Ring

In addition to many private users, the provider Ring also supplies small companies with cameras, surveillance systems and video doorbells. Now you can find it ➡ Read more

BSI warns: exploitation of a vulnerability in MS Outlook

The BSI warns of a vulnerability in Outlook that is apparently already being actively exploited. The CVSS score of the vulnerability is enclosed ➡ Read more

Backdoor: Chinese hacker group attacks Europe

The Chinese hacker group Mustang Panda is stepping up its attacks on targets in Europe, Australia and Taiwan. Researchers from the IT security manufacturer ESET covered ➡ Read more