Crypto malware found in official Python repository

Posted on Thursday, June 24 2021 @ 9:11 CEST by Thomas De Maesschalck

Security researchers discovered the official Python repository contained malware code. Six packages were found that contained hidden cryptocurrency mining software. The packages were uploaded by "nedog123" and tried to infect users via typosquatting by using a slightly different variation of the name of legitimate packages.

For example, the attacker named the malware packages "mplatlib" or "maratlib" instead of the real "matplotlib". In total, the infected packages were downloaded around 5,000 times since April.

The malicious code is contained in the setup.py file of each of these packages. It causes infected computers to use either the ubqminer or T-Rex cryptominer to mine digital coin and deposit it in the following address: 0x510aec7f266557b7de753231820571b13eb31b57.

How a college student tricked 17k coders into running his sketchy script PyPI has been a frequently abused repository since 2016 when a college student tricked 17,000 coders into running the sketchy script he posted there.

Full details at ARS Technica.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!