Malicious PyPI package impersonates SymPy to deploy XMRig miner

A deceptive package on the PyPI repository has been found impersonating the popular SymPy library. This malicious software targets Linux systems, downloading and executing the XMRig cryptocurrency miner through in-memory techniques. Security researchers have highlighted the risks posed by such supply chain attacks in open-source ecosystems.

The Python Package Index (PyPI), a key repository for Python developers, has become a vector for malware distribution. Researchers at The Hacker News reported the discovery of a fake package named "sympy-dev," designed to mimic the legitimate SymPy mathematical library. Upon installation, this package does not provide the expected functionality but instead initiates a stealthy payload.

Specifically, the malware fetches and runs the XMRig miner, a tool commonly used for Monero cryptocurrency mining, on Linux hosts. It employs in-memory execution methods to evade detection by traditional antivirus software, allowing the miner to operate without writing files to disk. This approach minimizes forensic footprints and complicates removal efforts.

Such incidents underscore vulnerabilities in software supply chains, where developers might unwittingly install compromised dependencies. The SymPy library, widely used for symbolic mathematics in scientific computing, serves as an attractive target due to its popularity. No specific victims or widespread impacts were detailed in the report, but the event serves as a reminder for users to verify package authenticity and monitor for unusual system behavior.

Experts recommend scanning dependencies with tools like pip-audit and keeping libraries updated to mitigate these threats. As open-source platforms grow, vigilance against impersonation tactics remains crucial for maintaining trust in the ecosystem.

Makala yanayohusiana

Developer platform Socket has identified a malware known as TrapDoor that is targeting crypto and AI developers.

Imeripotiwa na AI

Seventy-three Microsoft open source packages were compromised late last week with malware that steals credentials from cloud services and developer tools. The malicious code activates when opened in AI coding agents.

Jumanne, 16. Mwezi wa sita 2026, 20:05:46

Arch Linux disables new AUR registrations after malware waves

Jumamosi, 13. Mwezi wa sita 2026, 16:49:43

Malware infects 1579 packages in Arch Linux AUR

Jumatatu, 11. Mwezi wa tano 2026, 06:22:56

Fake OpenAI repository tops Hugging Face downloads

Ijumaa, 8. Mwezi wa tano 2026, 19:49:13

Hackers create fake Claude site to spread malware

Jumanne, 5. Mwezi wa tano 2026, 12:10:37

Daemon Tools app hit by monthlong supply-chain attack

Tovuti hii inatumia vidakuzi

Tunatumia vidakuzi kwa uchambuzi ili kuboresha tovuti yetu. Soma sera ya faragha yetu kwa maelezo zaidi.
Kataa