Twelve Malicious Python Libraries Found and Removed From PyPI
Saturday 27 October 2018, 21:34, by Slashdot
An anonymous reader writes:
A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages used typo-squatting in the hopes a user would install them by accident or carelessness when doing a 'pip install' operation for a mistyped more popular package, like Django (ex: diango). Eleven libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. A twelfth package, named 'colourama,' was financially motivated and hijacked an infected user's operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user. 54 users downloaded that package -- although all 12 malicious packages have since been taken down. Four of the packages were misspellings of django -- diango, djago, dajngo, and djanga. Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/8buBCbDZTLM/twelve-malicious-python-libraries-found-and-rem...