The Malawi Computer Emergency Response Team (Malawi CERT) is urging people to exercise caution when using Python libraries, especially those available on the PyPI repository. The warning follows the discovery by ReversingLabs of 41 malicious Python packages that are posing as legitimate modules on PyPI.
The Malawi CERT is advising users to verify package integrity before installation by checking package names, descriptions, and their creators’ identity. We also recommends installing packages from trusted sources, limiting the number of packages used, and keeping software and security measures up-to-date.
Overall, it is essential to remain vigilant and take the necessary precautions to protect against the growing threat of malware in the software development process. This requires constant vigilance and continuous learning to keep up with the ever-evolving threat landscape.