ZDNet published an article recently about a newly discovered set of malware-related Python packages on the Python Package Index (PyPI). These packages contained a backdoor that would only activate when installed on Linux.
These packages were named:
They were written by a user named ruri12. The PyPI team removed these packages on July 9, 2019. However, they had been available since November 2017 and had been downloaded fairly regularly.
See the original article for more details.
As always, when using a package that you aren't familiar with, vet it thoroughly before installing it so that you don't pull in malware by accident.
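One practical piece of that vetting is reading a package's setup.py and module sources before running `pip install`, since install-time code runs with your privileges. The script below is an added example written for this post, not code from the packages ZDNet described or from PyPI; it uses Python's `ast` module to flag calls that often show up in install-time payloads (`exec`, `base64.b64decode`, `subprocess`, network sockets) and, separately, any such call that only runs inside an `if` that probes the operating system, which matches the "only activates on Linux" behaviour the article reports. The two sample sources are constructed stand-ins; `RISKY_CALLS` and `PLATFORM_PROBES` are heuristic lists I chose, and every hit is a prompt to read the code by hand, not a verdict.

```python
import ast
from typing import List, Tuple

# Constructed sample: a setup.py-like module that gates a payload on Linux.
# Illustrative only; this is not the code of the packages the article covers.
SUSPICIOUS_SAMPLE = '''
import sys, base64
from setuptools import setup
if sys.platform.startswith("linux"):
    exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
setup(name="example-pkg", version="0.1")
'''

# Constructed sample: an ordinary setup.py with nothing to report.
BENIGN_SAMPLE = '''
from setuptools import setup
setup(name="example-pkg", version="0.1", packages=["example_pkg"])
'''

# Heuristic list (my choice, not an official one). Any of these can be
# legitimate in a setup.py; a match means "read this", not "malicious".
RISKY_CALLS = {
    "exec", "eval", "compile", "__import__",
    "base64.b64decode", "codecs.decode", "zlib.decompress",
    "subprocess.Popen", "subprocess.call", "subprocess.run",
    "os.system", "os.popen",
    "urllib.request.urlopen", "requests.get", "socket.socket",
}
# Attribute chains used to detect the host OS before deciding what to run.
PLATFORM_PROBES = {"sys.platform", "platform.system", "platform.uname", "os.uname"}


def _dotted(node: ast.AST) -> str:
    """Render ast.Name / ast.Attribute chains as 'a.b.c'; '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""


def scan_source(source: str) -> List[Tuple[int, str, str]]:
    """Return sorted (line, category, name) findings for one Python source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in RISKY_CALLS:
                findings.add((node.lineno, "risky-call", name))
        elif isinstance(node, ast.Attribute):
            name = _dotted(node)
            if name in PLATFORM_PROBES:
                findings.add((node.lineno, "platform-probe", name))
    return sorted(findings)


def platform_gated_calls(source: str) -> List[Tuple[int, str]]:
    """Risky calls that only execute inside an `if` whose test probes the OS.

    This is the stronger signal: code that behaves differently depending on
    the platform it landed on deserves a close read before installation.
    """
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        probes = {_dotted(n) for n in ast.walk(node.test) if isinstance(n, ast.Attribute)}
        if not probes & PLATFORM_PROBES:
            continue
        for stmt in node.body:
            for sub in ast.walk(stmt):
                if isinstance(sub, ast.Call) and _dotted(sub.func) in RISKY_CALLS:
                    hits.add((sub.lineno, _dotted(sub.func)))
    return sorted(hits)


def report(label: str, source: str) -> None:
    """Print a human-readable summary for one source blob."""
    print(f"== {label} ==")
    for line, category, name in scan_source(source):
        print(f"  line {line}: {category:15s} {name}")
    for line, name in platform_gated_calls(source):
        print(f"  line {line}: platform-gated call to {name}")
    if not scan_source(source):
        print("  nothing flagged")


if __name__ == "__main__":
    report("suspicious sample", SUSPICIOUS_SAMPLE)
    report("benign sample", BENIGN_SAMPLE)
```

To use this on a real package without installing it, run `pip download --no-deps --no-binary :all: <name>` into a scratch directory, unpack the sdist, and feed setup.py and each module file to `scan_source`; wheels skip setup.py entirely, so check the package's modules as well, since import-time code is just as capable of running a payload.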
- ZDNet – Malicious Python libraries targeting Linux servers removed from PyPI
- More typo-squatting Malware Found on PyPI
- Malicious Libraries Found on Python Package Index (PyPI)