Malicious PyPI packages hijack dev devices to mine cryptocurrency

LASER_oneXM

Level 37
Verified
Feb 4, 2016
2,595
This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers' workstations into cryptomining machines.
All malicious packages were published by the same account and tricked developers into downloading them thousands of times by using misspelled names of legitimate Python projects.
 
Top