Dec 8, 2018

PyPI Malware

Info

PyPI is the well-known Python package repository. Anyone can upload modules to PyPI without any security checks or audits.

The legacy package format is based on the distutils module and requires a setup.py script. This script runs on the local machine when the package is installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"

How to be secure

Malware packages

| Package | Versions | Remote Host | Info |
|---|---|---|---|
| distrib | distrib-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| djanga | djanga-0.1, djanga-0.2, djanga-0.3 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| easyinstall | easyinstall-37.0.0, easyinstall-39.0.0, easyinstall-39.1.0, easyinstall-40.0.0, easyinstall-41.0.0, easyinstall-42.0.0 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| junkeldat | junkeldat-1.0 | www.dl01.pwnz.org | Seems broken. |
| libpeshka | libpeshka-0.2, libpeshka-0.3, libpeshka-0.4, libpeshka-0.5, libpeshka-0.6 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| mumpy | mumpy-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| mybiubiubiu | mybiubiubiu-0.1.0, mybiubiubiu-0.1.1, mybiubiubiu-0.1.2, mybiubiubiu-0.1.3, mybiubiubiu-0.1.4, mybiubiubiu-0.1.6 | http://snowty.cn | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| nmap-python | nmap-python-0.6.1 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| openvc | openvc-1.0.0 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| python-ftp | python-ftp-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| pythonkafka | pythonkafka-1.3.5 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mongo | python-mongo-0.2.0 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mysql | python-mysql-1.0.0 | http://mysql.openvc.org | Uploads username, hostname, ip to remote host. |
| python-mysqldb | python-mysqldb-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-openssl | python-openssl-0.1 | http://openvc.org | Uploads username, hostname, ip to remote host. |
| python-sqlite | python-sqlite-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| smb | smb-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| virtualnv | virtualnv-0.1.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
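
The grep under "How to verify" matches substrings, so an unrelated package such as pysmb is reported because it contains "smb", and a name written with different case or separators can be missed. The following is an added example, not part of the original repository: it matches exact, PEP 503-normalized names against the table above and reports whether the installed version is one of the listed ones. The names `MALICIOUS`, `SAMPLE`, `normalize`, `audit` and `installed_distributions` belong to this example, and `SAMPLE` is a constructed inventory.

```python
import re
from importlib import metadata

# Names and versions copied from the "Malware packages" table on this page.
MALICIOUS = {
    "distrib": {"0.1"}, "djanga": {"0.1", "0.2", "0.3"},
    "easyinstall": {"37.0.0", "39.0.0", "39.1.0", "40.0.0", "41.0.0", "42.0.0"},
    "junkeldat": {"1.0"}, "libpeshka": {"0.2", "0.3", "0.4", "0.5", "0.6"},
    "mumpy": {"0.1"},
    "mybiubiubiu": {"0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.6"},
    "nmap-python": {"0.6.1"}, "openvc": {"1.0.0"}, "python-ftp": {"2.4"},
    "pythonkafka": {"1.3.5"}, "python-mongo": {"0.2.0"},
    "python-mysql": {"1.0.0"}, "python-mysqldb": {"2.4"},
    "python-openssl": {"0.1"}, "python-sqlite": {"2.4"}, "smb": {"2.4"},
    "virtualnv": {"0.1.1"},
}

# Constructed inventory for illustration (not real scan output).
SAMPLE = [("pysmb", "1.2.9"), ("smb", "2.4"), ("Python_FTP", "2.4"),
          ("djanga", "0.9"), ("numpy", "1.15.4")]


def normalize(name):
    """PEP 503 normalization: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(installed):
    """Return sorted (name, version, version_listed) for exact name matches."""
    findings = []
    for name, version in installed:
        key = normalize(name)
        if key in MALICIOUS:
            findings.append((key, version, version in MALICIOUS[key]))
    return sorted(findings)


def installed_distributions():
    """Yield (name, version) for every distribution visible to this interpreter."""
    for dist in metadata.distributions():
        if dist.metadata["Name"]:
            yield dist.metadata["Name"], dist.version


if __name__ == "__main__":
    for name, version, listed in audit(installed_distributions()):
        status = "version in table" if listed else "name match, other version"
        print(f"{name}=={version}: {status}")
```

Run it with the interpreter of each virtualenv you want to check, since it only sees distributions on that interpreter's path. A name match with a version not in the table still deserves a manual look at where the package came from.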
