Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems
2022-08-15 11:42

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems.

The module, named "Secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index on August 6, 2022, and is described as "Secrets matching and verification made easy."

"On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory, a technique largely employed by fileless malware and crypters," Sonatype researcher Ax Sharma disclosed in a report last week.

On top of that, the threat actor behind the package abused the identity and contact information of a legitimate software engineer working for Argonne National Laboratory, a U.S. Department of Energy-funded lab, to lend credibility to the malware.

The idea, in a nutshell, is to trick users into downloading poisoned libraries by assigning them to trusted, popular maintainers without their knowledge or consent - a supply chain threat called package planting.

The development comes as PyPI took steps to purge 10 malicious packages that were orchestrated to harvest critical data points such as passwords and API tokens.


News URL

https://thehackernews.com/2022/08/newly-uncovered-pypi-package-drops.html

Related vendor

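| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|------------|-----|--------|------|----------|-------------|
| Linux  | 11         | 64  | 2602   | 1595 | 67       | 4328        |
| Pypi   | 15         | 0   | 0      | 1    | 15       | 16          |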