PyPI Malware

Info

PyPI is a well known Python packages repository. Everyone can upload modules to PyPI without any security checks or audits.

Legacy package format is based on distutils module and requires setup.py script. This script is run on local machine once package is been installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"

How to be secure

use "wheels"
always double check package name
do not run pip as root/admin
use pip hash-checking mode

Malware packages

Package	Versions	Remote Host	Info
distrib	distrib-0.1	packageman.comlu.com	Sends hostname + OS environment variables to remote host.
djanga	djanga-0.1	145.249.104.71	Linux malware. Downloads executable and adds it to .bashrc.
	djanga-0.2
	djanga-0.3
easyinstall	easyinstall-37.0.0	145.249.104.71	Linux malware. Downloads executable and adds it to .bashrc.
	easyinstall-39.0.0
	easyinstall-39.1.0
	easyinstall-40.0.0
	easyinstall-41.0.0
	easyinstall-42.0.0
junkeldat	junkeldat-1.0	www.dl01.pwnz.org	Seems broken.
libpeshka	libpeshka-0.2	145.249.104.71	Linux malware. Downloads executable and adds it to .bashrc.
	libpeshka-0.3
	libpeshka-0.4
	libpeshka-0.5
	libpeshka-0.6
mumpy	mumpy-0.1	packageman.comlu.com	Sends hostname + OS environment variables to remote host.
mybiubiubiu	mybiubiubiu-0.1.0	http://snowty.cn	Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
	mybiubiubiu-0.1.1
	mybiubiubiu-0.1.2
	mybiubiubiu-0.1.3
	mybiubiubiu-0.1.4
	mybiubiubiu-0.1.6
nmap-python	nmap-python-0.6.1	http://openvc.org	Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
openvc	openvc-1.0.0	http://openvc.org	Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
python-ftp	python-ftp-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
pythonkafka	pythonkafka-1.3.5	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
python-mongo	python-mongo-0.2.0	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
python-mysql	python-mysql-1.0.0	http://mysql.openvc.org	Uploads username, hostname, ip to remote host.
python-mysqldb	python-mysqldb-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
python-openssl	python-openssl-0.1	http://openvc.org	Uploads username, hostname, ip to remote host.
python-sqlite	python-sqlite-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
smb	smb-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
virtualnv	virtualnv-0.1.1	packageman.comlu.com	Sends hostname + OS environment variables to remote host.

ossillate-inc / pypi_malware Goto Github PK

pypi_malware's Introduction

PyPI Malware

Info

How to verify

How to be secure

Malware packages

pypi_malware's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs