PyPI Malware

Info

PyPI is the well-known Python package repository. Anyone can upload modules to PyPI without any security checks or audits.

The legacy package format is based on the distutils module and requires a setup.py script. This script runs on the local machine when the package is installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"

How to be secure

Malware packages

| Package | Versions | Remote Host | Info |
|---|---|---|---|
| distrib | distrib-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| djanga | djanga-0.1, djanga-0.2, djanga-0.3 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| easyinstall | easyinstall-37.0.0, easyinstall-39.0.0, easyinstall-39.1.0, easyinstall-40.0.0, easyinstall-41.0.0, easyinstall-42.0.0 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| junkeldat | junkeldat-1.0 | www.dl01.pwnz.org | Seems broken. |
| libpeshka | libpeshka-0.2, libpeshka-0.3, libpeshka-0.4, libpeshka-0.5, libpeshka-0.6 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| mumpy | mumpy-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| mybiubiubiu | mybiubiubiu-0.1.0, mybiubiubiu-0.1.1, mybiubiubiu-0.1.2, mybiubiubiu-0.1.3, mybiubiubiu-0.1.4, mybiubiubiu-0.1.6 | http://snowty.cn | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| nmap-python | nmap-python-0.6.1 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| openvc | openvc-1.0.0 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| python-ftp | python-ftp-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| pythonkafka | pythonkafka-1.3.5 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mongo | python-mongo-0.2.0 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mysql | python-mysql-1.0.0 | http://mysql.openvc.org | Uploads username, hostname, ip to remote host. |
| python-mysqldb | python-mysqldb-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-openssl | python-openssl-0.1 | http://openvc.org | Uploads username, hostname, ip to remote host. |
| python-sqlite | python-sqlite-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| smb | smb-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| virtualnv | virtualnv-0.1.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |