PyPI Package ‘secretslib’ Drops Fileless Linux Malware to Mine Monero

The curious case of ‘secretslib’—a fileless cryptominer

Sonatype has identified a ‘secretslib’ PyPI package that describes itself as “secrets matching and verification made easy.” On closer inspection, though, the package covertly runs cryptominers on your Linux machine in memory (directly from RAM, without writing the miner binary to disk), a technique largely employed by fileless malware and crypters.
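One way a defender can hunt for this class of in-memory execution on a Linux host is to sweep `/proc` for processes whose executable no longer corresponds to a file on disk. The script below is an added example, not code from the Sonatype post or from the ‘secretslib’ package: it assumes the common Linux behaviour that a process started from an anonymous in-memory file reports its executable as `/memfd:<name> (deleted)`, and that a process whose binary was unlinked after launch reports `<path> (deleted)`. The sample link values are constructed for illustration and the names in them are hypothetical.

```python
"""Sweep /proc for processes whose executable does not live on disk.

Added example (not from the Sonatype post). On Linux, readlink() on
/proc/<pid>/exe returns "/memfd:<name> (deleted)" for a binary created
with memfd_create(), and "<path> (deleted)" for a binary that was removed
after the process started. Both are indicators worth triage when hunting
for in-memory cryptominers.
"""
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample readlink() results (hypothetical PIDs and names).
SAMPLE_LINKS: Dict[int, str] = {
    101: "/usr/bin/python3.10",
    202: "/memfd:x (deleted)",
    303: "/tmp/.cache/worker (deleted)",
    404: "/usr/lib/systemd/systemd",
}

DELETED_SUFFIX = " (deleted)"


def classify_exe_link(link: str) -> Optional[str]:
    """Return a short reason if the exe link looks fileless, else None."""
    if link.startswith("/memfd:"):
        return "memfd-backed executable (never written to disk)"
    if link.endswith(DELETED_SUFFIX):
        return "executable unlinked from disk after launch"
    return None


def scan_links(links: Dict[int, str]) -> List[Tuple[int, str, str]]:
    """Classify a PID -> exe-link mapping; used for offline testing."""
    findings = []
    for pid in sorted(links):
        reason = classify_exe_link(links[pid])
        if reason is not None:
            findings.append((pid, links[pid], reason))
    return findings


def read_exe_link(pid: int, proc_root: str = "/proc") -> Optional[str]:
    """readlink /proc/<pid>/exe, tolerating races and permission limits."""
    try:
        return os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except (PermissionError, FileNotFoundError, ProcessLookupError):
        # Kernel threads have no exe; other users' processes need root.
        return None


def read_cmdline(pid: int, proc_root: str = "/proc") -> str:
    """Return the process command line with NUL separators replaced."""
    try:
        with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return ""


def scan_proc(proc_root: str = "/proc") -> List[Tuple[int, str, str]]:
    """Collect exe links for every live PID and classify them."""
    links: Dict[int, str] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        link = read_exe_link(int(entry), proc_root)
        if link is not None:
            links[int(entry)] = link
    return scan_links(links)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample first ...
    for pid, link, reason in scan_links(SAMPLE_LINKS):
        print(f"[sample] pid={pid} exe={link!r}: {reason}")
    # ... then a real sweep of the host (run as root to see all processes).
    for pid, link, reason in scan_proc():
        print(f"pid={pid} exe={link!r} cmd={read_cmdline(pid)!r}: {reason}")
```

Run it as root so that `/proc/<pid>/exe` is readable for every process; without privileges it silently skips processes it cannot inspect. A hit is a triage lead, not proof of compromise: legitimate software updated in place can briefly show `(deleted)` until it is restarted, so pair the result with CPU usage and outbound connections before acting on it.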

Further, the threat actor publishing the malicious package used the identity and contact information of a real national laboratory software engineer working for a U.S. Department of Energy-funded lab to lend credibility to their malware, but the truth eventually surfaced.

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/pypi-package-secretslib-drops-fileless-linux-malware-to-mine-monero