This Week in Malware—Python Cryptominers, 345 Dependency Confusion Packages

By Ax Sharma on July 01, 2022 vulnerabilities

17 minute read time

This week's highlights include a PyPI typosquat that drops a cryptominer and AWS credential stealer, along with an influx of 345 dependency confusion packages caught by Sonatype's automated malware

python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

5 minute read time

We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.

This Week in Malware—show me your secrets!

By Ax Sharma on June 24, 2022 vulnerabilities

3 minute read time

These Python packages not only exfiltrate your secrets (AWS credentials and environment variables) but also upload them to a publicly exposed endpoint.

Python packages upload your AWS keys, env vars, secrets to the web

By Ax Sharma on June 23, 2022 vulnerabilities

5 minute read time

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

This Week in Malware—npm malware exfiltrates Windows SAM, Amazon EC2 credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2 and Windows SAM credentials and launch malicious executables.

New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka, a programmer-friendly Apache Kafka client for Python.

Trojanized PyPI Package Imitates a Popular Python Server Library

By Ax Sharma on February 27, 2022 vulnerabilities

7 minute read time

A trojanized PyPI component 'aiohttp-socks5' has been identified by Sonatype's automated malware detection system, imitating the real 'aiohttp-socks' lib.

PyPI, NuGet, npm Flooded with Roblox and Fortnite Spam: What Draws OSS Attackers to Gamers?

By Ax Sharma on February 15, 2022 vulnerabilities

7 minute read time

Spammers flood PyPI, NuGet and npm with bogus Roblox and Fortnite spam, as open source attacks leveraging gaming platforms continue to increase.

PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities

5 minute read time

The popular Python open source software repository PyPI has been flooded with over 1,200 dependency confusion packages by the same actor.