You’ve probably heard of the Python module ‘dateutil‘. The module offers powerful extensions to the standard datetime library extensively used by Python developers. Yesterday, however, Sonatype’s automated malware detection system caught a suspicious PyPI package called ‘python-dateutils’ that mines Monero (XMR) cryptocurrency on your system—whether Windows, Linux, or macOS, and steals AWS credentials.
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/python-dateutils-a-moner-cryptominer-in-disguise-for-windows-linux-macos