Advisories for Pypi/SentinelOne package

2022

SentinelOne impersonated via PyPI packages

In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) onto PyPI. The SDKs contain fully functional SentinelOne clients, but the packages also contained malicious backdoors that are only executed when called on programmatically, as opposed to during installation. The packages have since been taken down from PyPI.