{"id":29692191,"url":"https://github.com/rsc-dev/pypi_malware","last_synced_at":"2025-07-30T17:08:57.215Z","repository":{"id":81354486,"uuid":"160936823","full_name":"rsc-dev/pypi_malware","owner":"rsc-dev","description":"PyPI malware packages","archived":false,"fork":false,"pushed_at":"2018-12-12T17:23:45.000Z","size":761,"stargazers_count":58,"open_issues_count":0,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-07-23T07:47:19.973Z","etag":null,"topics":["malware-research","pypi-packages"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rsc-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-12-08T12:26:14.000Z","updated_at":"2024-10-09T19:02:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"4ef8291f-ae89-427d-ad63-5963b7cd1b48","html_url":"https://github.com/rsc-dev/pypi_malware","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rsc-dev/pypi_malware","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsc-dev%2Fpypi_malware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsc-dev%2Fpypi_malware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsc-dev%2Fpypi_malware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsc-dev%2Fpypi_malware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rsc-dev","download_url":"https://codeload.github.com/rsc-dev/pypi_malware/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rsc-dev%2Fpypi_malware/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267906652,"owners_count":24164128,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["malware-research","pypi-packages"],"created_at":"2025-07-23T07:34:22.073Z","updated_at":"2025-07-30T17:08:57.195Z","avatar_url":"https://github.com/rsc-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PyPI Malware\n\n## Info\nPyPI is a well known Python packages repository. \nEveryone can upload modules to PyPI without any security checks or audits.\n\nLegacy package format is based on distutils module and requires setup.py script.\nThis script is run on local machine once package is been installed.\n\n## How to verify\n```bash\npip freeze | grep \"distrib\\|djanga\\|easyinstall\\|junkeldat\\|libpeshka\\|mumpy\\|mybiubiubiu\\|nmap-python\\|openvc\\|python-ftp\\|pythonkafka\\|python-mongo\\|python-mysql\\|python-mysqldb\\|python-openssl\\|python-sqlite\\|smb\\|virtualnv\"\n```\n\n## How to be secure\n* use [\"wheels\"](https://pythonwheels.com/)\n* always double check package name\n* do not run pip as root/admin\n* use pip [hash-checking mode](https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode)\n\n## Malware packages\n\u003ctable style=\"width: 700px;\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003cstrong\u003ePackage\u003c/strong\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003e\u003cstrong\u003eVersions\u003c/strong\u003e\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003e\u003cstrong\u003eRemote Host\u003c/strong\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003e\u003cstrong\u003eInfo\u003c/strong\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/distrib\"\u003edistrib\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003edistrib-0.1\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003epackageman.comlu.com\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eSends hostname + OS environment variables to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\" rowspan=\"3\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/djanga\"\u003edjanga\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003edjanga-0.1\u003c/td\u003e\n\u003ctd style=\"width: 27px;\" rowspan=\"3\"\u003e145.249.104.71\u003c/td\u003e\n\u003ctd style=\"width: 131px;\" rowspan=\"3\"\u003eLinux malware. Downloads executable and adds it to .bashrc.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003edjanga-0.2\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003edjanga-0.3\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\" rowspan=\"6\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/easyinstall\"\u003eeasyinstall\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eeasyinstall-37.0.0\u003c/td\u003e\n\u003ctd style=\"width: 27px;\" rowspan=\"6\"\u003e145.249.104.71\u003c/td\u003e\n\u003ctd style=\"width: 131px;\" rowspan=\"6\"\u003eLinux malware. Downloads executable and adds it to .bashrc.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003eeasyinstall-39.0.0\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003eeasyinstall-39.1.0\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003eeasyinstall-40.0.0\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003eeasyinstall-41.0.0\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003eeasyinstall-42.0.0\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/junkeldat\"\u003ejunkeldat\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003ejunkeldat-1.0\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ewww.dl01.pwnz.org\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eSeems broken.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\" rowspan=\"5\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/libpeshka\"\u003elibpeshka\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003elibpeshka-0.2\u003c/td\u003e\n\u003ctd style=\"width: 27px;\" rowspan=\"5\"\u003e145.249.104.71\u003c/td\u003e\n\u003ctd style=\"width: 131px;\" rowspan=\"5\"\u003eLinux malware. Downloads executable and adds it to .bashrc.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003elibpeshka-0.3\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003elibpeshka-0.4\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003elibpeshka-0.5\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003elibpeshka-0.6\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/mumpy\"\u003emumpy\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003emumpy-0.1\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003epackageman.comlu.com\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eSends hostname + OS environment variables to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\" rowspan=\"6\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/mybiubiubiu\"\u003emybiubiubiu\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003emybiubiubiu-0.1.0\u003c/td\u003e\n\u003ctd style=\"width: 27px;\" rowspan=\"6\"\u003ehttp://snowty.cn\u003c/td\u003e\n\u003ctd style=\"width: 131px;\" rowspan=\"6\"\u003eUploads some data (i.e. username, hostname, ip, etc.) to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003emybiubiubiu-0.1.1\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003emybiubiubiu-0.1.2\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003emybiubiubiu-0.1.3\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003emybiubiubiu-0.1.4\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 131px;\"\u003emybiubiubiu-0.1.6\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/nmap-python\"\u003enmap-python\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003enmap-python-0.6.1\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://openvc.org\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads some data (i.e. username, hostname, ip, etc.) to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/openvc\"\u003eopenvc\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eopenvc-1.0.0\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://openvc.org\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads some data (i.e. username, hostname, ip, etc.) to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/python-ftp\"\u003epython-ftp\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epython-ftp-2.4\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://us.dslab.pw\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/pythonkafka\"\u003epythonkafka\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epythonkafka-1.3.5\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://us.dslab.pw\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/python-mongo\"\u003epython-mongo\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epython-mongo-0.2.0\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://us.dslab.pw\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/python-mysql\"\u003epython-mysql\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epython-mysql-1.0.0\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://mysql.openvc.org\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/python-mysqldb\"\u003epython-mysqldb\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epython-mysqldb-2.4\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://us.dslab.pw\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/python-openssl\"\u003epython-openssl\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epython-openssl-0.1\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://openvc.org\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/python-sqlite\"\u003epython-sqlite\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003epython-sqlite-2.4\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://us.dslab.pw\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/smb\"\u003esmb\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003esmb-2.4\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003ehttp://us.dslab.pw\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eUploads username, hostname, ip to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 110px;\"\u003e\u003ca href=\"https://github.com/rsc-dev/pypi_malware/tree/master/malware/virtualnv\"\u003evirtualnv\u003c/a\u003e\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003evirtualnv-0.1.1\u003c/td\u003e\n\u003ctd style=\"width: 27px;\"\u003epackageman.comlu.com\u003c/td\u003e\n\u003ctd style=\"width: 131px;\"\u003eSends hostname + OS environment variables to remote host.\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frsc-dev%2Fpypi_malware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frsc-dev%2Fpypi_malware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frsc-dev%2Fpypi_malware/lists"}