23. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

In the PyPI repository for Python projects that transformed workstations developers into crypto mining machines, many malicious packaging were captured this week. 

All malicious packages were uploaded on the very same account and the developers tried to install them by using the wrong names for the genuine Python projects, thousands of times. The Python Package Index is the official third-party 

Python software repository is stylized as PyPI and is also referred to as the Cheese Shop. It’s the same as CPAN, Perl’s repository. Some package managers, notably pip, use PyPI for packages as the default source. 

In April, a total of six harmful packages were infiltrated with the Python Package Index (PyPI) – maratlib, maratlib1, matplatlib-plus, mllearnlib, mplatlib, learning lab. Everything comes from “nedog123” and also most names are misspelled versions of the genuine plot program matplotlib. The “maratlib” packet was evaluated by Ax Sharma, a security researcher at Sonatype, in a blog post. He said the packages were utilized for other malicious components to make them dependent. 

The researcher writes, “For each of these packages, the malicious code is contained in the setup.py file which is a build script that runs during a package’s installation.” Sharma determined that it was attempting to download a Bash script (aza2.sh) from a non-existent GitHub repository during the analyses.