Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

rsc-dev/pypi_malware

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

7 Commits

Repository files navigation

PyPI Malware

Info

PyPI is a well known Python packages repository. Everyone can upload modules to PyPI without any security checks or audits.

Legacy package format is based on distutils module and requires setup.py script. This script is run on local machine once package is been installed.

How to verify

pip freeze | grep "distrib\|djanga\|easyinstall\|junkeldat\|libpeshka\|mumpy\|mybiubiubiu\|nmap-python\|openvc\|python-ftp\|pythonkafka\|python-mongo\|python-mysql\|python-mysqldb\|python-openssl\|python-sqlite\|smb\|virtualnv"

How to be secure

Malware packages

Package Versions Remote Host Info
distrib distrib-0.1 packageman.comlu.com Sends hostname + OS environment variables to remote host.
djanga djanga-0.1 145.249.104.71 Linux malware. Downloads executable and adds it to .bashrc.
djanga-0.2
djanga-0.3
easyinstall easyinstall-37.0.0 145.249.104.71 Linux malware. Downloads executable and adds it to .bashrc.
easyinstall-39.0.0
easyinstall-39.1.0
easyinstall-40.0.0
easyinstall-41.0.0
easyinstall-42.0.0
junkeldat junkeldat-1.0 www.dl01.pwnz.org Seems broken.
libpeshka libpeshka-0.2 145.249.104.71 Linux malware. Downloads executable and adds it to .bashrc.
libpeshka-0.3
libpeshka-0.4
libpeshka-0.5
libpeshka-0.6
mumpy mumpy-0.1 packageman.comlu.com Sends hostname + OS environment variables to remote host.
mybiubiubiu mybiubiubiu-0.1.0 http://snowty.cn Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
mybiubiubiu-0.1.1
mybiubiubiu-0.1.2
mybiubiubiu-0.1.3
mybiubiubiu-0.1.4
mybiubiubiu-0.1.6
nmap-python nmap-python-0.6.1 http://openvc.org Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
openvc openvc-1.0.0 http://openvc.org Uploads some data (i.e. username, hostname, ip, etc.) to remote host.
python-ftp python-ftp-2.4 http://us.dslab.pw Uploads username, hostname, ip to remote host.
pythonkafka pythonkafka-1.3.5 http://us.dslab.pw Uploads username, hostname, ip to remote host.
python-mongo python-mongo-0.2.0 http://us.dslab.pw Uploads username, hostname, ip to remote host.
python-mysql python-mysql-1.0.0 http://mysql.openvc.org Uploads username, hostname, ip to remote host.
python-mysqldb python-mysqldb-2.4 http://us.dslab.pw Uploads username, hostname, ip to remote host.
python-openssl python-openssl-0.1 http://openvc.org Uploads username, hostname, ip to remote host.
python-sqlite python-sqlite-2.4 http://us.dslab.pw Uploads username, hostname, ip to remote host.
smb smb-2.4 http://us.dslab.pw Uploads username, hostname, ip to remote host.
virtualnv virtualnv-0.1.1 packageman.comlu.com Sends hostname + OS environment variables to remote host.

About

PyPI malware packages

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

AltStyle によって変換されたページ (->オリジナル) /