pypi · Malicious package advisory
Malwarefree-net-vpn2
GHSA-rqcv-3wp9-w2r3
free-net-vpn2 malicious PyPI package
Details
**Severity:** High **Affected versions:** `>= 0` Security researchers at Check Point Research discovered a malicious package called `free-net-vpn2` that targets environment variables. PyPI has since removed `free-net-vpn2`. **References:** - https://pypi.org/project/free-net-vpn2 - https://research.checkpoint.com/2022/cloudguard-spectral-detects-several-malicious-packages-on-pypi-the-official-software-repository-for-python-developers/ - https://github.com/advisories/GHSA-rqcv-3wp9-w2r3
Compromised versions (1)
- >= 0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.