Pypi Malware Save

PyPI malware packages

Project README

PyPI Malware

Info

PyPI is a well known Python packages repository. Everyone can upload modules to PyPI without any security checks or audits.

Legacy package format is based on distutils module and requires setup.py script. This script is run on local machine once package is been installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"

How to be secure

use "wheels"
always double check package name
do not run pip as root/admin
use pip hash-checking mode

Malware packages

Package	Versions	Remote Host	Info
distrib	distrib-0.1	packageman.comlu.com	Sends hostname + OS environment variables to remote host.
djanga	djanga-0.1	145.249.104.71	Linux malware. Downloads executable and adds it to .bashrc.
	djanga-0.2
	djanga-0.3
easyinstall	easyinstall-37.0.0	145.249.104.71	Linux malware. Downloads executable and adds it to .bashrc.
	easyinstall-39.0.0
	easyinstall-39.1.0
	easyinstall-40.0.0
	easyinstall-41.0.0
	easyinstall-42.0.0
junkeldat	junkeldat-1.0	www.dl01.pwnz.org	Seems broken.
libpeshka	libpeshka-0.2	145.249.104.71	Linux malware. Downloads executable and adds it to .bashrc.
	libpeshka-0.3
	libpeshka-0.4
	libpeshka-0.5
	libpeshka-0.6
mumpy	mumpy-0.1	packageman.comlu.com	Sends hostname + OS environment variables to remote host.
mybiubiubiu	mybiubiubiu-0.1.0	http://snowty.cn	Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
	mybiubiubiu-0.1.1
	mybiubiubiu-0.1.2
	mybiubiubiu-0.1.3
	mybiubiubiu-0.1.4
	mybiubiubiu-0.1.6
nmap-python	nmap-python-0.6.1	http://openvc.org	Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
openvc	openvc-1.0.0	http://openvc.org	Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
python-ftp	python-ftp-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
pythonkafka	pythonkafka-1.3.5	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
python-mongo	python-mongo-0.2.0	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
python-mysql	python-mysql-1.0.0	http://mysql.openvc.org	Uploads username, hostname, ip to remote host.
python-mysqldb	python-mysqldb-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
python-openssl	python-openssl-0.1	http://openvc.org	Uploads username, hostname, ip to remote host.
python-sqlite	python-sqlite-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
smb	smb-2.4	http://us.dslab.pw	Uploads username, hostname, ip to remote host.
virtualnv	virtualnv-0.1.1	packageman.comlu.com	Sends hostname + OS environment variables to remote host.

Open Source Agenda is not affiliated with "Pypi Malware" Project. README Source: rsc-dev/pypi_malware

Stars

Open Issues

Last Commit

5 years ago

Repository

rsc-dev/pypi_malware

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/pypi-malware"><img src="https://www.opensourceagenda.com/projects/pypi-malware/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022