Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

GitLab identified a PyPI attack deploying Shai-Hulud malware via five malicious packages.

• •Four Flask, Requests, NumPy typosquats and one weaponized legitimate project
• •Python .pth files enable auto-execution at install without requiring imports
• •Three-layer obfuscation: ROT-N cipher, AES-128-GCM encryption, variable-name mangling
• •Steals cloud and CI/CD credentials from GitHub, AWS, Azure, GCP, Kubernetes, databases
• •Self-propagates via stolen tokens to publish malicious packages across ecosystems

This summary was automatically generated by AI based on the original article and may not be fully accurate.