rsc-dev/pypi_malware

PyPI Malware

Info

PyPI is a well-known Python package repository. Anyone can upload modules to PyPI without any security checks or audits.

The legacy package format is based on the distutils module and requires a setup.py script. This script runs on the local machine when the package is installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"
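
An exact-match version of the check above, as an added example (not part of the original repository): the substring pattern in the grep command also matches unrelated names such as pysmb or distribute, so this script normalizes each name reported by pip freeze and compares it to the package names in the table on this page. The function names and the sample freeze output are constructed for illustration.

```python
import re
import subprocess
import sys

# Package names copied from the table on this page.
FLAGGED = {
    "distrib", "djanga", "easyinstall", "junkeldat", "libpeshka", "mumpy",
    "mybiubiubiu", "nmap-python", "openvc", "python-ftp", "pythonkafka",
    "python-mongo", "python-mysql", "python-mysqldb", "python-openssl",
    "python-sqlite", "smb", "virtualnv",
}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_freeze_line(line):
    """Return (name, spec) for one `pip freeze` line, or None if unparseable."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("-e "):  # editable install: name is in the #egg= fragment
        egg = re.search(r"#egg=([A-Za-z0-9._-]+)", line)
        return (egg.group(1), "editable") if egg else None
    m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|@)\s*(\S+)", line)
    return (m.group(1), m.group(3)) if m else None

def find_flagged(freeze_lines):
    """Return (name, spec) pairs whose normalized name is on the list."""
    parsed = filter(None, map(parse_freeze_line, freeze_lines))
    return [(n, s) for n, s in parsed if normalize(n) in FLAGGED]

# Constructed sample of `pip freeze` output (not taken from a real host).
SAMPLE = """\
Django==2.0.5
djanga==0.2
distribute==0.7.3
pysmb==1.1.22
Python_MySQL==1.0.0
numpy==1.14.3
smb @ file:///tmp/smb-2.4.tar.gz
""".splitlines()

if __name__ == "__main__":
    out = subprocess.run([sys.executable, "-m", "pip", "freeze"],
                         capture_output=True, text=True).stdout
    for name, spec in find_flagged(out.splitlines()):
        print(f"FLAGGED: {name} ({spec})")
```

Run it with the interpreter of the environment you want to audit, since it calls that interpreter's own pip.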

How to be secure

Malware packages

| Package | Versions | Remote Host | Info |
|---|---|---|---|
| distrib | distrib-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| djanga | djanga-0.1, djanga-0.2, djanga-0.3 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| easyinstall | easyinstall-37.0.0, easyinstall-39.0.0, easyinstall-39.1.0, easyinstall-40.0.0, easyinstall-41.0.0, easyinstall-42.0.0 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| junkeldat | junkeldat-1.0 | www.dl01.pwnz.org | Seems broken. |
| libpeshka | libpeshka-0.2, libpeshka-0.3, libpeshka-0.4, libpeshka-0.5, libpeshka-0.6 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| mumpy | mumpy-0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| mybiubiubiu | mybiubiubiu-0.1.0, mybiubiubiu-0.1.1, mybiubiubiu-0.1.2, mybiubiubiu-0.1.3, mybiubiubiu-0.1.4, mybiubiubiu-0.1.6 | http://snowty.cn | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| nmap-python | nmap-python-0.6.1 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| openvc | openvc-1.0.0 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| python-ftp | python-ftp-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| pythonkafka | pythonkafka-1.3.5 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mongo | python-mongo-0.2.0 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mysql | python-mysql-1.0.0 | http://mysql.openvc.org | Uploads username, hostname, ip to remote host. |
| python-mysqldb | python-mysqldb-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-openssl | python-openssl-0.1 | http://openvc.org | Uploads username, hostname, ip to remote host. |
| python-sqlite | python-sqlite-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| smb | smb-2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| virtualnv | virtualnv-0.1.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |