Malicious Package Affecting args-python package, versions [0,]
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-ARGSPYTHON-5591088
- published 21 May 2023
- disclosed 21 May 2023
- credit Tzachi(Zack) Zorn - Checkmarx Security
How to fix?
Avoid using all malicious instances of the args-python
package.
Overview
args-python is a malicious package. This package contains encoded code that, upon execution downloads a second piece of malware hosted on a legitimate service (replit.com). The downloaded malware is designed to steal the victims information, including credentials, file names, screenshots etc.
References
CVSS Scores
version 3.1