Security researchers have found hundreds of malicious packages uploaded to the PyPI and npm registries that carry a cryptominer script in their code.
Most of these packages are typosquats: their names closely resemble those of popular PyPI or npm packages, so a mistyped install command pulls in the malicious package instead of the intended one. While the operation appears to be down as of now, it is still a growing threat to this community.
Typosquatting as the Major Technique
Despite tighter security rules, such as mandatory 2FA for maintainers of high-priority projects, the JavaScript and Python package registries are still targeted with malicious uploads.
The latest one was spotted by security researcher Hauke Lübbers, who shared that "at least 33 projects" on PyPI bundled XMRig, an open-source Monero cryptominer. These projects are mostly typosquats of popular packages such as React, argparse and aiohttp, and carry the cryptominer in their scripts.
"And yet another #python #pypi typosquatter: Uploaded at least 33 projects within 3 hours. Some examples: argpars, dataclasses-jso, jupyter-cor, azure-mgmt-containerregistr, python-dateuitl, iohttp. 7 minutes between report and takedown – awesome @di_codes!" pic.twitter.com/kUbS7PkSGQ — Hauke Lübbers (@streamlin3d), August 17, 2022