Fake Third-Party Python Libraries Are Stealing Information

Python removed two fake libraries from the Python Package Index (PyPI) after a German developer, Lukas Martini, reported that the packages were stealing critical information. Python was released almost three decades ago, but it was only embraced in the last few years due to the increase in artificial intelligence and data science-based third-party libraries. However, these very libraries can become the prime reason for Python's downfall. This is the third time Python org has witnessed infiltration and extraction of information; the other three occurred in July 2019, October 2018, and September 2017. Typosquatting, a form of cybersquatting that takes advantage of typos made by users to hack into information, was used to deceive developers and gain access to sensitive data. The idea behind the technique is to register a look-alike name for the genuine package name, so that when a developer makes a typo he/she might import the phoney library instead of the desired one.
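One way to catch a look-alike name before it is installed is to compare every entry in a requirements list against the packages a project is known to use. The following is an added example, not code from the article or from PyPI; the allowlist, the sample requirements and the function names are constructed for illustration.

```python
import re

# Assumption: the project's vetted dependencies (constructed sample allowlist).
KNOWN_GOOD = {"requests", "numpy", "pandas", "urllib3", "scikit-learn"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition ("eu" typed as "ue") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalike(name, known=KNOWN_GOOD, max_dist=1):
    """Return the vetted package that `name` nearly matches, or None."""
    n = normalize(name)
    if n in known:
        return None  # exact match after normalization: the genuine package
    for good in sorted(known):
        if edit_distance(n, good) <= max_dist:
            return good
    return None  # unrelated name: not a typo of anything on the allowlist

def audit(requirements_text):
    """Map each suspicious requirement name to the package it resembles."""
    flagged = {}
    for line in requirements_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = re.split(r"[=<>!~\[; ]", line, maxsplit=1)[0]
        hit = find_lookalike(name)
        if hit:
            flagged[name] = hit
    return flagged

# Constructed sample input: two typos, one spelling variant, one unrelated name.
SAMPLE = "requests==2.31.0\nreqeusts>=2.0\nnumpi\nScikit_Learn==1.4\nflask\n"

if __name__ == "__main__":
    for bad, good in audit(SAMPLE).items():
        print(f"{bad!r} looks like {good!r}: verify before installing")
```

Names that differ only by case or separator, such as `Scikit_Learn`, resolve to the same project on PyPI and are not flagged; names one edit away from a vetted package are.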