Malicious PyPI packages hijack dev devices to mine cryptocurrency


Mallicious packages infiltrated in PyPI since April

This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers’ workstations into cryptomining machines.

All malicious packages were published by the same account and tricked developers into downloading them thousands of times by using misspelled names of legitimate Python projects.

Read more…