Researchers from Sonatype, a company that regularly scans code repositories for typosquatting packages, have identified six typosquatted packages on PyPI (a repository for Python programming packages) that secretly pull in cryptomining malware.

Below is the list of malicious packages, with more than 5000 downloads:

  • maratlib
  • maratlib1
  • matplatlib-plus
  • mllearnlib
  • mplatlib
  • learninglib

Incidentally, all of these packages were posted by the same author, named “nedog”, during the month of April.

“Our primary focus for this analysis is “maratlib” because most other malicious components simply pull in this one as a dependency.

“Some of these packages are ‘typosquats,’ or programs that are expected to be grabbed by people accidentally typing in the wrong name. For example, the counterfeit ‘mplatlib’ and ‘matplatlib-plus’ are named after the legitimate Python plotting software ‘matplotlib,’” reads the blog.

Image: The dependency referred to as ‘LKEK’ is once again “maratlib”

“For each of these packages, the malicious code is contained in the setup.py file which is a build script that runs during a package’s installation” reads the blog.
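Because the malicious code runs at install time, a name check has to happen before `pip install` is invoked. The following is an added example, not code from Sonatype's blog or from this article: it screens a requirements file against the six names listed above and flags near-miss spellings of packages a team actually uses. The `TRUSTED` list, the 0.8 similarity threshold and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
# Package names reported as malicious in the article above.
REPORTED = {"maratlib", "maratlib1", "matplatlib-plus",
            "mllearnlib", "mplatlib", "learninglib"}
# Assumption: a small allowlist of legitimate names the team really depends on.
TRUSTED = {"matplotlib", "numpy", "requests", "scikit-learn"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Return the project name from one requirements.txt line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):   # blank, comment, or pip option
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None

def screen(requirements_text, threshold=0.8):
    """Return (name, verdict) pairs for names that should block an install."""
    findings = []
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        if name is None or name in TRUSTED:
            continue
        if name in REPORTED:
            findings.append((name, "reported malicious"))
            continue
        for good in sorted(TRUSTED):       # sorted for a stable verdict
            if SequenceMatcher(None, name, good).ratio() >= threshold:
                findings.append((name, "lookalike of " + good))
                break
    return findings

# Constructed sample input.
SAMPLE = """\
numpy==1.20.2
mplatlib            # typo of matplotlib
matplatlib-plus>=0.1
reqeusts
flask
-r other.txt
"""

if __name__ == "__main__":
    for name, verdict in screen(SAMPLE):
        print(f"BLOCK {name}: {verdict}")
```

A lookalike hit is a prompt for manual review, not proof of malice; names outside the allowlist that resemble nothing on it pass through unflagged.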

This once again shows that developers are the real target for the hackers, who go after the programs they develop with the goal of turning them into cryptominers.
