Backdoor found in PyPI packages
The PyPI packages "keep", "pyanxdns" and "api-res-py" were found to contain a backdoor introduced through a malicious "request" dependency.
Most versions of the "keep" package use the Python module "requests" for making HTTP requests, but "keep" v1.2 declares a dependency on "request" (without the trailing -s), which is malware. The same malicious "request" dependency has also been found in some versions of the PyPI packages "pyanxdns" and "api-res-py".
The following vulnerabilities have been identified:
The developer of the "pyanxdns" package, Marky Egebäck, reuploaded a new version to PyPI and deleted the version referencing the malicious "request" dependency.
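The defensive check that follows from this incident is to audit a project's declared dependencies for the malicious "request" name and, more generally, for names that are one character away from a dependency the project actually intends to use. The script below is an added example and is not code from the advisory, securitylab.ru or any of the affected packages; the only names taken from the page are "request" (malicious) and "requests" (legitimate). The allowlist, the sample requirements lines and the edit-distance threshold are assumptions for the demonstration, and the near-miss check generalises beyond the single "request"/"requests" case described above.

```python
import re
from typing import Iterable

# Dependencies the project intends to use (assumption: a project-specific
# allowlist; the only entry taken from the advisory is "requests").
KNOWN_GOOD = {"requests"}

# Package names the advisory identifies as malicious.
KNOWN_BAD = {"request"}

# Matches the distribution name at the start of a requirements line,
# stopping before any version specifier, extras or environment marker.
_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample requirements file; not taken from any real project.
SAMPLE_REQUIREMENTS = """
# constructed sample, not from any real project
requests>=2.28.0
request==1.0.0
requsts
numpy==1.23.0
""".splitlines()


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss names such as 'request' vs 'requests'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def parse_requirements(lines: Iterable[str]) -> list[str]:
    """Extract normalised distribution names from requirements.txt-style lines."""
    names = []
    for line in lines:
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):       # skip blanks and pip options (-r, -e, ...)
            continue
        m = _REQ_LINE.match(line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def audit(names, known_good=KNOWN_GOOD, known_bad=KNOWN_BAD, max_distance=1):
    """Return (name, reason) findings: known-malicious names and near-misses of allowlisted ones."""
    findings = []
    for name in names:
        if name in known_bad:
            findings.append((name, "known-malicious"))
            continue
        if name in known_good:
            continue
        for good in known_good:
            if edit_distance(name, good) <= max_distance:
                findings.append((name, f"near-miss of {good}"))
                break
    return findings


def audit_sample():
    """Run the audit over the constructed sample requirements."""
    return audit(parse_requirements(SAMPLE_REQUIREMENTS))


if __name__ == "__main__":
    for name, reason in audit_sample():
        print(f"{name}: {reason}")
```

On the sample input the audit reports "request" as known-malicious and "requsts" as a near-miss of "requests", while "numpy" passes because it is not within one edit of any allowlisted name. The allowlist only drives the near-miss check; a stricter policy would additionally report every name absent from the allowlist.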
Source: securitylab.ru
15 June 2022