Malicious Python Packages Replace Crypto Addresses in Developer Clipboardsblog.phylum.io/pypi-malware-replaces-crypto-addresses-in-developers-clipboard
333 sats \ 3 comments \ @rijndael 7 Nov 2022 bitcoin
write
preview
related posts
325 sats \ 0 replies \ @ek 7 Nov 2022
Seems to mainly target Windows users.
I checked out four packages:
root@286b686938ef:~# grep -RE "sys.platform|linux|win32"
baeutifulsoup4-0.1/setup.py:if sys.platform == 'win32':
baeutifulsoup4-0.1/setup.py:      import win32com
baeutifulsoup4-0.1/setup.py:      main(['install', 'pypiwin32'])
baeutifulsoup4-0.1/setup.py:    from win32com.client import Dispatch
rqeuests-0.1/setup.py:if sys.platform == 'win32':
rqeuests-0.1/setup.py:      import win32com
rqeuests-0.1/setup.py:      main(['install', 'pypiwin32'])
rqeuests-0.1/setup.py:    from win32com.client import Dispatch
beautifulsup4-0.1/setup.py:if sys.platform == 'win32':
beautifulsup4-0.1/setup.py:      import win32com
beautifulsup4-0.1/setup.py:      main(['install', 'pypiwin32'])
beautifulsup4-0.1/setup.py:    from win32com.client import Dispatch
cloorama-0.1/setup.py:if sys.platform == 'win32':
cloorama-0.1/setup.py:      import win32com
cloorama-0.1/setup.py:      main(['install', 'pypiwin32'])
cloorama-0.1/setup.py:    from win32com.client import Dispatch
reply
22 sats \ 1 reply \ @petertodd 7 Nov 2022
One of many reasons why I always recommend that devs (and others) use QubesOS: https://www.qubes-os.org/intro/
tl;dr: it splits everything up into a bunch of virtual machines. In this case it'd protect your clipboard from being seen at all by the malware, if you split your dev VMs from your btc VMs
reply
11 sats \ 0 replies \ @rijndael OP 8 Nov 2022
Qubes is great. The networking is really nice. Makes it easy to have specific VMs run through tor or a vpn (for example) or to have VMs that dont have network connections or only have connections to specific VM. This is all standard virtual networking, but qubes has some nice tooling around it.
reply