-= Per source details. Do not edit below this line.=-
During installation, a cryptominer is secretly installed and started.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2024-09-bondonioanderas-cryptominer
Reasons (based on the campaign):
- cryptominer
- The package overrides the install command in setup.py to execute malicious code during installation, so the code runs at install time even if the package is never imported.
- obfuscation
{
"malicious-packages-origins": [
{
"versions": [
"0.1"
],
"sha256": "3ba9ceb66c2089feb9d9d1ba7b36c9218a396746fa3f82c811e5145e043715a2",
"modified_time": "2024-12-09T06:49:51Z",
"source": "reversing-labs",
"id": "RLMA-2024-10983",
"import_time": "2024-12-09T14:38:41.301806753Z"
},
{
"sha256": "f56f645ce4e6f0ba4962a7a5a3498c6e10a065bebb5cd57436fad8b210961a0e",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-09-20T11:29:31Z",
"source": "kam193",
"id": "pypi/2024-09-bondonioanderas-cryptominer/bo3to",
"import_time": "2025-12-02T22:30:55.000518135Z"
},
{
"sha256": "131072b5bfcd4ce6218aaec66423046b83d0e49904d5992b26192daa201421bd",
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"modified_time": "2024-09-20T11:29:31Z",
"source": "kam193",
"id": "pypi/2024-09-bondonioanderas-cryptominer/bo3to",
"import_time": "2025-12-02T23:07:18.029318873Z"
},
{
"versions": [
"0.1"
],
"sha256": "636ebc80ca4935056f9f0f5f5e8c0b69a5727b86efce292f9a9bf60452dbf8f2",
"modified_time": "2024-09-20T11:29:31Z",
"source": "kam193",
"id": "pypi/2024-09-bondonioanderas-cryptominer/bo3to",
"import_time": "2025-12-10T21:38:57.322799214Z"
},
{
"sha256": "07b4becdeaaa8939ea320caf4ba80f43af698515df3a9f3b9f7960e33cc55762",
"modified_time": "2026-03-18T12:11:57Z",
"source": "reversing-labs",
"id": "RLUA-2026-00152",
"import_time": "2026-03-19T12:19:29.791747896Z"
}
],
"iocs": {
"urls": [
"https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh"
]
}
}