PyPI Malware

Info

PyPI is a well-known Python package repository. Anyone can upload modules to PyPI without any security checks or audits.

The legacy package format is based on the distutils module and requires a setup.py script. This script is run on the local machine when the package is installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"

How to be secure

Malware packages

| Package | Versions | Remote Host | Info |
| --- | --- | --- | --- |
| distrib | distrib-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| djanga | djanga-0.1, djanga-0.2, djanga-0.3 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| easyinstall | easyinstall-37.0.0, easyinstall-39.0.0, easyinstall-39.1.0, easyinstall-40.0.0, easyinstall-41.0.0, easyinstall-42.0.0 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| junkeldat | junkeldat-1.0 | www.dl01.pwnz.org | Seems broken. |
| libpeshka | libpeshka-0.2, libpeshka-0.3, libpeshka-0.4, libpeshka-0.5, libpeshka-0.6 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| mumpy | mumpy-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| mybiubiubiu | mybiubiubiu-0.1.0, mybiubiubiu-0.1.1, mybiubiubiu-0.1.2, mybiubiubiu-0.1.3, mybiubiubiu-0.1.4, mybiubiubiu-0.1.6 | http://snowty.cn | Uploads some data (e.g. username, hostname, IP) to remote host. |
| nmap-python | nmap-python-0.6.1 | http://openvc.org | Uploads some data (e.g. username, hostname, IP) to remote host. |
| openvc | openvc-1.0.0 | http://openvc.org | Uploads some data (e.g. username, hostname, IP) to remote host. |
| python-ftp | python-ftp-2.4 | http://us.dslab.pw | Uploads username, hostname, IP to remote host. |
| pythonkafka | pythonkafka-1.3.5 | http://us.dslab.pw | Uploads username, hostname, IP to remote host. |
| python-mongo | python-mongo-0.2.0 | http://us.dslab.pw | Uploads username, hostname, IP to remote host. |
| python-mysql | python-mysql-1.0.0 | http://mysql.openvc.org | Uploads username, hostname, IP to remote host. |
| python-mysqldb | python-mysqldb-2.4 | http://us.dslab.pw | Uploads username, hostname, IP to remote host. |
| python-openssl | python-openssl-0.1 | http://openvc.org | Uploads username, hostname, IP to remote host. |
| python-sqlite | python-sqlite-2.4 | http://us.dslab.pw | Uploads username, hostname, IP to remote host. |
| smb | smb-2.4 | http://us.dslab.pw | Uploads username, hostname, IP to remote host. |
| virtualnv | virtualnv-0.1.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |