PyPI malware packages
PyPI is a well-known repository of Python packages. Anyone can upload modules to PyPI without any security checks or audits.
The legacy package format is based on the distutils module and requires a setup.py script. This script is run on the local machine when the package is installed, so any code it contains executes with the privileges of the user running pip.
To check an environment for the packages listed below, anchor the match on the package name so that unrelated packages containing one of these names as a substring (for example anything containing "smb" or "distrib") are not reported:

```
pip freeze | grep -i '^\(distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv\)=='
```
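The same check in Python, as an added example that is not part of the original page: it normalises package names the way pip does (PEP 503: case-folded, with runs of `-`, `_` and `.` collapsed to `-`), so `Python_MySQL` is recognised as `python-mysql` while `pysmb` is not mistaken for `smb`. It can be run against a `pip freeze` listing, a requirements file, or the distributions visible to the running interpreter. The `KNOWN_BAD` dictionary holds only the package names and behaviours recorded in the table on this page; the `setup_py_indicators` helper and the freeze listing in the `__main__` block are constructed for illustration and are assumptions, not data from the page.

```python
"""Flag installed or listed packages that appear in this page's malware table."""
import re
from importlib import metadata

# Package names and the behaviour recorded for each in the table on this page.
KNOWN_BAD = {
    "distrib": "sends hostname + OS environment variables to remote host",
    "djanga": "downloads executable and adds it to .bashrc",
    "easyinstall": "downloads executable and adds it to .bashrc",
    "junkeldat": "seems broken",
    "libpeshka": "downloads executable and adds it to .bashrc",
    "mumpy": "sends hostname + OS environment variables to remote host",
    "mybiubiubiu": "uploads username, hostname, ip to remote host",
    "nmap-python": "uploads username, hostname, ip to remote host",
    "openvc": "uploads username, hostname, ip to remote host",
    "python-ftp": "uploads username, hostname, ip to remote host",
    "pythonkafka": "uploads username, hostname, ip to remote host",
    "python-mongo": "uploads username, hostname, ip to remote host",
    "python-mysql": "uploads username, hostname, ip to remote host",
    "python-mysqldb": "uploads username, hostname, ip to remote host",
    "python-openssl": "uploads username, hostname, ip to remote host",
    "python-sqlite": "uploads username, hostname, ip to remote host",
    "smb": "uploads username, hostname, ip to remote host",
    "virtualnv": "sends hostname + OS environment variables to remote host",
}


def canonical(name: str) -> str:
    """PEP 503 name normalisation, as used by pip and the PyPI simple index."""
    return re.sub(r"[-_.]+", "-", name).lower()


KNOWN_BAD_CANONICAL = {canonical(k): v for k, v in KNOWN_BAD.items()}

# "name==version" with optional whitespace; extras, markers and comments are ignored.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([^\s;#]+))?")


def parse_freeze(text: str):
    """Yield (name, version) pairs from pip-freeze / requirements.txt style text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, -e, -r, --index-url ... lines
            continue
        m = REQ_LINE.match(line)
        if m:
            yield m.group(1), m.group(2)


def find_known_bad(entries):
    """Return [(name_as_seen, version, reason)] for entries whose name is in the table."""
    hits = []
    for name, version in entries:
        reason = KNOWN_BAD_CANONICAL.get(canonical(name))
        if reason:
            hits.append((name, version, reason))
    return hits


def find_known_bad_installed():
    """Check every distribution visible to the current interpreter."""
    entries = ((d.metadata["Name"], d.version) for d in metadata.distributions())
    return find_known_bad(entries)


# Hypothetical static indicators matching the behaviours the table describes
# (network upload, environment collection, .bashrc persistence). A hit means
# the setup.py deserves a manual read before installation, not that it is malicious.
SETUP_INDICATORS = {
    "network": re.compile(r"\b(urlopen|urllib|requests\.(get|post)|socket\.)"),
    "environment": re.compile(r"os\.environ|platform\.node|getpass\.getuser|gethostname"),
    "persistence": re.compile(r"\.bashrc|\.profile|crontab"),
}


def setup_py_indicators(source: str):
    """Return the sorted indicator categories found in a setup.py source text."""
    return sorted(key for key, rx in SETUP_INDICATORS.items() if rx.search(source))


if __name__ == "__main__":
    # Constructed sample of `pip freeze` output, not real data from the page.
    sample = "requests==2.31.0\nopenvc==1.0.0\nPython_MySQL==1.0.0\npysmb==1.2.0\n"
    for name, version, reason in find_known_bad(parse_freeze(sample)):
        print(f"{name}=={version}: {reason}")
    for name, version, reason in find_known_bad_installed():
        print(f"INSTALLED {name}=={version}: {reason}")
```

`setup_py_indicators` is meant to be run over a source distribution fetched without installing it (`pip download --no-deps --no-binary :all: <package>`, then unpack the archive and read setup.py), which is the point at which the behaviours in the table can still be caught.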
| Package | Versions | Remote Host | Info |
|---|---|---|---|
| distrib | 0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| djanga | 0.1, 0.2, 0.3 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| easyinstall | 37.0.0, 39.0.0, 39.1.0, 40.0.0, 41.0.0, 42.0.0 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| junkeldat | 1.0 | www.dl01.pwnz.org | Seems broken. |
| libpeshka | 0.2, 0.3, 0.4, 0.5, 0.6 | 145.249.104.71 | Linux malware. Downloads executable and adds it to .bashrc. |
| mumpy | 0.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |
| mybiubiubiu | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.6 | http://snowty.cn | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| nmap-python | 0.6.1 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| openvc | 1.0.0 | http://openvc.org | Uploads some data (i.e. username, hostname, ip, etc.) to remote host. |
| python-ftp | 2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| pythonkafka | 1.3.5 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mongo | 0.2.0 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-mysql | 1.0.0 | http://mysql.openvc.org | Uploads username, hostname, ip to remote host. |
| python-mysqldb | 2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| python-openssl | 0.1 | http://openvc.org | Uploads username, hostname, ip to remote host. |
| python-sqlite | 2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| smb | 2.4 | http://us.dslab.pw | Uploads username, hostname, ip to remote host. |
| virtualnv | 0.1.1 | packageman.comlu.com | Sends hostname + OS environment variables to remote host. |