23 June 21, 11:47
Quote: A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language.
Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects. Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.
Researchers at Sonatype found six different malicious packages hiding in PyPI, which have a collective 5,000 downloads, all uploaded by a user with the handle “nedog123,” according to a Tuesday blog post.
These consist of a main package called “maratlib,” along with five others that use maratlib as a component: maratlib1; matplatlib-plus; mllearnlib; mplatlib and learninglib.
“Also, some of these packages are typosquats, or programs that are expected to be grabbed by people accidentally typing in the wrong name,” wrote Sonatype researcher Ax Sharma in the posting. “For example, the counterfeit mplatlib and matplatlib-plus are named after the legitimate Python plotting software [called] matplotlib.”
Read more: Cryptominers Slither into Python Projects in Supply-Chain Campaign | Threatpost
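The typosquat pattern the article describes (mplatlib and matplatlib-plus riding on matplotlib) can be caught on the defender's side by comparing the packages in a lockfile or environment against a list of the dependencies you actually intend to use. The script below is an added example, not code from the article or from Sonatype: it normalises names per PEP 503, measures edit distance to each trusted name, and also checks the "near-miss plus suffix" form; the trusted list, the sample installed list and the distance threshold of 3 are assumptions, with the suspicious names taken from the article.

```python
import re

# PEP 503 normalisation: names are case-insensitive and runs of "-", "_" and "."
# are equivalent, so "Mat_plot.lib" and "mat-plot-lib" name the same project.
def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()

def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                  # delete ca
                           cur[j - 1] + 1,               # insert cb
                           prev[j - 1] + (ca != cb)))    # substitute ca -> cb
        prev = cur
    return prev[-1]

def distance_to_trusted(name: str, trusted: str) -> int:
    d = levenshtein(name, trusted)
    # Combo form "<near miss of trusted>-<suffix>", e.g. "matplatlib-plus":
    # score the head on its own when a separator follows it.
    if len(name) > len(trusted) and name[len(trusted)] == "-":
        d = min(d, levenshtein(name[: len(trusted)], trusted))
    return d

def find_typosquat_candidates(installed, trusted, max_distance=3):
    """Return {installed_name: (closest_trusted_name, distance)} for packages
    that are not in the trusted set but sit within max_distance edits of one."""
    trusted_norm = {normalize(t) for t in trusted}
    flagged = {}
    for raw in installed:
        name = normalize(raw)
        if name in trusted_norm:
            continue  # an exact trusted dependency, nothing to report
        dist, near = min((distance_to_trusted(name, t), t) for t in trusted_norm)
        if dist <= max_distance:
            flagged[raw] = (near, dist)
    return flagged

if __name__ == "__main__":
    # Constructed sample: an environment listing plus an allow-list (assumed).
    INSTALLED = ["matplotlib", "mplatlib", "matplatlib-plus", "maratlib", "requests"]
    TRUSTED = ["matplotlib", "numpy", "requests"]
    for pkg, (near, d) in find_typosquat_candidates(INSTALLED, TRUSTED).items():
        print(f"{pkg}: {d} edit(s) away from trusted package {near}")
```

With the threshold of 3, mplatlib and matplatlib-plus are flagged against matplotlib while maratlib (4 edits away) is not, so a name-distance check is a first filter, not a substitute for reviewing what an unfamiliar package actually does.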