
241 npm and PyPI packages caught dropping Linux cryptominers
2022-08-19 20:11

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week.

These packages are largely typosquats of widely used libraries, and each one of them downloads a Bash script on Linux systems that runs cryptominers.

Researchers have caught at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines.

While the researcher was in the process of reporting these 33 malicious projects to PyPI admins, he noticed the threat actor began publishing another set of 22 packages with the same malicious payload. "After I reported them to PyPI, they were quickly deleted - but the malicious actor was still in the process of uploading more packages, and uploaded another 22," Lübbers tells BleepingComputer.

The Sonatype security research team, which I'm a part of, disclosed another 186 npm typosquatting packages today that make contact with the same URL to download the malicious Bash script.

Earlier this month, cybersecurity firm CheckPoint outed 10 malicious PyPI packages caught stealing developer credentials.


News URL

https://www.bleepingcomputer.com/news/security/241-npm-and-pypi-packages-caught-dropping-linux-cryptominers/

Related vendor

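| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|---------------------|-----|--------|------|----------|-------------|
| Linux  | 17                  | 374 | 2505   | 1534 | 665      | 5078        |
| Pypi   | 14                  | 0   | 0      | 14   | 0        | 14          |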