Posted on Leave a comment

Researchers Discovers Six Typo-squatted Python Package in PYPI Repository.

Researchers from Sonatype, a company which commonly scans for typosquatting packages on cod repositories have identified the six typo-squatted packages in PYPI (a repository for Python programming packages) which secretly pulls in cryptomining malware.

Below are the list of malicious packages with morethan 5000 downloads :

  • maratlib
  • maratlib1
  • matplatlib-plus
  • mllearnlib
  • mplatlib
  • learninglib

Incidentally, all these packages were posted by the same author named “nedog” during the month april.

“Our primary focus for this analysis is “maratlib” because most other malicious components simply pull in this one as a dependency.

some of these packages are “typosquats,” or programs that are expected to be grabbed by people accidentally typing in the wrong name. For example, the counterfeit “mplatlib” and “matplatlib-plus” are named after the legitimate Python plotting software “matplotlib.” reads the blog.

Image: The dependency referred to as ‘LKEK’ is once again “maratlib”

“For each of these packages, the malicious code is contained in the setup.py file which is a build script that runs during a package’s installation” reads the blog.

Once again it has proved that the developers are the real target for the hackers on the program they develop in the goal of turning into cryptominers.

–-For more Cyber security news in crisp content . Please follow our site via twitter handle @cyberworkx1

Leave a Reply