Malicious Package Affecting nagogy package, versions [0,]
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-NAGOGY-5591091
- published 21 May 2023
- disclosed 21 May 2023
- credit Tzachi(Zack) Zorn - Checkmarx Security
How to fix?
Avoid using all malicious instances of the nagogy
package.
Overview
nagogy is a malicious package. This package contains encoded code that, upon execution downloads a second piece of malware hosted on a legitimate service (replit.com). The downloaded malware is designed to steal the victims information, including credentials, file names, screenshots etc.
References
CVSS Scores
version 3.1